### YamlMime:Landing

title: Microsoft Sentinel documentation # < 60 chars
summary: Microsoft Sentinel provides attack detection, threat visibility, proactive hunting, and threat response to help you stop threats before they cause harm. # < 160 chars

metadata:
  title: Microsoft Sentinel documentation
  description: Microsoft Sentinel provides attack detection, threat visibility, proactive hunting, and threat response to help you stop threats before they cause harm.
  ms.service: microsoft-sentinel
  ms.topic: landing-page
  author: guywi-ms
  ms.author: guywild
  ms.date: 01/03/2025

# linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new

landingContent:
# Cards and links should be based on top customer tasks or top subjects
# Start card title with a verb

  # Card (optional)
  - title: About Microsoft Sentinel
    linkLists:
      - linkListType: overview
        links:
          - text: What is Microsoft Sentinel?
            url: overview.md
          - text: Best practices
            url: best-practices.md
      - linkListType: whats-new
        links:
          - text: What's new in Microsoft Sentinel?
            url: whats-new.md

  # Card (optional)
  - title: Get started
    linkLists:
      - linkListType: quickstart
        links:
          - text: Onboard Microsoft Sentinel
            url: quickstart-onboard.md
      - linkListType: deploy
        links:
          - text: Deployment guide
            url: deploy-overview.md
          - text: Prerequisites
            url: prerequisites.md
          - text: Plan costs
            url: billing.md
          - text: Find solutions
            url: sentinel-solutions-catalog.md
      - linkListType: how-to-guide
        links:
          - text: Install solutions and content
            url: sentinel-solutions-deploy.md

  # Card
  - title: Microsoft Sentinel data lake
    linkLists:
      - linkListType: overview
        links:
          - text: "What is Microsoft Sentinel data lake"
            url: datalake/sentinel-lake-overview.md
      - linkListType: deploy
        links:
          - text: "Onboarding to Microsoft Sentinel data lake"
            url: datalake/sentinel-lake-onboarding.md
          - text: "Set up connectors for the Microsoft Sentinel data lake"
            url: datalake/sentinel-lake-connectors.md
      - linkListType: concept
        links:
          - text: KQL and Microsoft Sentinel data lake
            url: datalake/kql-overview.md
          - text: Notebooks and Microsoft Sentinel data lake
            url: datalake/notebooks-overview.md
      - linkListType: how-to-guide
        links:
          - text: Run KQL queries
            url: datalake/kql-queries.md
          - text: Running notebooks
            url: datalake/notebooks.md

  # Card
  - title: Unified security operations
    linkLists:
      - linkListType: overview
        links:
          - text: "What are unified security operations?"
            url: /unified-secops-platform/overview-unified-security
          - text: "Microsoft Defender portal overview"
            url: /unified-secops-platform/overview-defender-portal
          - text: "Microsoft Sentinel in the Microsoft Defender portal"
            url: microsoft-sentinel-defender-portal.md
      - linkListType: deploy
        links:
          - text: "Plan for unified security operations"
            url: /unified-secops-platform/overview-plan
          - text: "Deploy unified security operations"
            url: /unified-secops-platform/overview-deploy
      - linkListType: how-to-guide
        links:
          - text: Connect Microsoft Sentinel to the Microsoft Defender portal
            url: /defender-xdr/microsoft-sentinel-onboard?toc=%2Funified-secops-platform%2Ftoc.json&bc=%2Funified-secops-platform%2Fbreadcrumb%2Ftoc.json

  # Card
  - title: Collect data
    linkLists:
      - linkListType: concept
        links:
          - text: Microsoft Sentinel data connectors
            url: connect-data-sources.md
          - text: Data collection best practices
            url: best-practices-data.md
          - text: Normalizing and parsing data
            url: normalization.md
      - linkListType: tutorial
        links:
          - text: Forward Syslog data to Log Analytics workspace
            url: forward-syslog-monitor-agent.md
      - linkListType: how-to-guide
        links:
          - text: Create a custom connector
            url: create-custom-connector.md
          - text: Monitor connector health
            url: monitor-data-connector-health.md
      - linkListType: reference
        links:
          - text: Find data connectors
            url: data-connectors-reference.md

  # Card (optional)
  - title: Detect threats
    linkLists:
      - linkListType: concept
        links:
          - text: Understand threat intelligence
            url: understand-threat-intelligence.md
          - text: MITRE ATT&CK® framework
            url: mitre-coverage.md
          - text: User and entity behavior analytics (UEBA)
            url: identify-threats-with-entity-behavior-analytics.md
          - text: Customizable anomalies
            url: soc-ml-anomalies.md
      - linkListType: tutorial
        links:
          - text: Detect threats by using analytics rules
            url: tutorial-log4j-detection.md
      - linkListType: how-to-guide
        links:
          - text: Detect threats by using built-in analytics
            url: detect-threats-built-in.md
          - text: Create custom detection rules
            url: detect-threats-custom.md

  # Card (optional)
  - title: Investigate and respond
    linkLists:
      - linkListType: concept
        links:
          - text: Incident investigation and case management
            url: incident-investigation.md
          - text: Threat hunting
            url: hunting.md
          - text: Kusto Query Language overview
            url: /kusto/query/?view=microsoft-sentinel&toc=/azure/sentinel/TOC.json&bc=/azure/sentinel/breadcrumb/toc.json
          - text: Automation rules
            url: automate-incident-handling-with-automation-rules.md
          - text: Playbooks
            url: automate-responses-with-playbooks.md
      - linkListType: tutorial
        links:
          - text: Investigate with UEBA
            url: investigate-with-ueba.md
          - text: Respond automatically to threats
            url: tutorial-respond-threats-playbook.md
      - linkListType: how-to-guide
        links:
          - text: Investigate incidents
            url: investigate-incidents.md
          - text: Manage incident workflow with tasks
            url: work-with-tasks.md
          - text: Monitor your data
            url: monitor-your-data.md
          - text: Conduct end-to-end threat hunting
            url: hunts.md