From the course: Microsoft Security Operations Analyst Associate (SC-200) Exam Tips


Manage incidents in Microsoft Sentinel


- [Instructor] Microsoft Sentinel is used as an aggregation point for data sources throughout your Microsoft, on-premises, and multi-cloud infrastructure to feed activity and events that can be further analyzed for vulnerabilities and threats. The information that is gathered can be analyzed through the various analytics rules, queries, and automation to create alerts and assign incidents within Microsoft Sentinel. Incidents are used to provide a single dashboard of potential threats to your company. These incidents are a container of alerts, entities and evidence that is collected through automation and manual investigation. It is your responsibility to define alerts within analytics that create incidents within Microsoft Sentinel. Incidents are assigned properties such as severity and status to allow for quick identification for investigation of potential high-severity alerts. Security analytics within Microsoft…
