IMPORTANT: this project has moved to the official Azure Sentinel repository. For the latest version, go here: http://aka.ms/sentinellabs
These labs help you get ramped up with Azure Sentinel and provide hands-on practical experience for product features, capabilities, and scenarios.
The lab deploys an Azure Sentinel workspace and ingests pre-recorded data to simulate scenarios that showcase various Azure Sentinel features. You should expect very little or no cost at all, because the ingested data is small (~10 MB) and Azure Sentinel offers a 30-day free trial.
To deploy Azure Sentinel Labs, you must have a Microsoft Azure subscription. If you do not have an existing Azure subscription, you can sign up for a free trial.
- Version 0.2 - Azure Sentinel Labs Beta
Module 1 – Setting up the environment
- Enable Azure Activity data connector
- Enable Azure Defender data connector
- Enable Threat Intelligence TAXII data connector
- Analytics Rules overview
- Enable Microsoft incident creation rule
- Review Fusion Rule (Advanced Multistage Attack Detection)
- Create custom analytics rule
- Review resulting security incident
Module 4 – Incident Management
- Review Azure Sentinel incident tools and capabilities
- Handling Incident "Sign-ins from IPs that attempt sign-ins to disabled accounts"