Investigate Windows Security Events with Microsoft Sentinel
Microsoft Sentinel is a cloud-native SIEM (security information and event management) solution with SOAR (security orchestration, automation, and response) capabilities. You can use Microsoft Sentinel to collect, detect, investigate, and respond to security threats across your infrastructure. In this lab, you will deploy Microsoft Sentinel, generate some security alerts, and investigate those alerts.

Table of Contents

- Challenge: Deploy Microsoft Sentinel
  Enable Microsoft Sentinel on the existing Log Analytics workspace.
- Challenge: Add the Windows Security Events Solution
  Add the Windows Security Events solution to Microsoft Sentinel from the content hub.
- Challenge: Configure Data Connector
  Configure the Windows Security Events data connector to collect data from the existing Windows VM.
- Challenge: Simulate Security Events
  You will simulate some events to test the rules.
- Challenge: Investigate the Incidents
  Investigate the incidents in Microsoft Sentinel using the investigation graph.
- Challenge: Configure Analytics Rules
  You will add and configure analytics rules.