Microsoft Sentinel

Intelligent security analytics for your entire enterprise.

See and stop threats before they cause harm, with SIEM reinvented for a modern world. Microsoft Sentinel is your bird's-eye view across the enterprise. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing costs as much as 48 percent compared to traditional SIEMs.

Collect

Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.

Detect

Detect previously uncovered threats and minimise false positives using analytics and unparalleled threat intelligence from Microsoft.

Investigate

Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.

Respond

Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Features

Limitless cloud speed and scale

Invest in security, not infrastructure setup and maintenance, with the first cloud-native SIEM from a major cloud provider. Never let a storage limit or a query limit prevent you from protecting your enterprise. Start using Microsoft Sentinel immediately, automatically scale to meet your organisational needs, and pay for only the resources you need. As a cloud-native SIEM, Microsoft Sentinel is 48 percent less expensive and 67 percent faster to deploy than legacy on-premises SIEMs.

AI on your side

Focus on finding real threats quickly. Reduce noise from legitimate events with built-in machine learning and knowledge based on analysing trillions of signals daily. Accelerate proactive threat hunting with pre-built queries based on years of security experience. View a prioritised list of alerts, get correlated analysis of thousands of security events within seconds and visualise the entire scope of every attack. Simplify security operations and speed up threat response with integrated automation and orchestration of common tasks and workflows.

Behaviour analytics to stay ahead of evolving threats

Detect unknown threats and anomalous behaviour of compromised users and insider threats. Get a new level of insight with user and entity profiling that leverages peer analysis, machine learning and Microsoft security expertise. Gain more contextual and behavioural information for threat hunting, investigation and response using the built-in entity behavioural analytics.

Streamlined and cost-effective security data collection

Simplify data collection across different sources, including Azure, on-premises solutions and other clouds, using built-in connectors. Connect with data from your Microsoft products in just a few clicks. Import Office 365 audit logs, Azure activity logs and alerts from Microsoft threat protection solutions for free, then analyse them and draw correlations to deepen your intelligence.

A match for all your tools

Connect to and collect data from all your sources, including users, applications, servers and devices running on-premises or in any cloud. Integrate with existing tools, whether business applications, other security products or homegrown tools, and use your own machine-learning models. Optimise for your needs by bringing your own insights, tailored detections, machine-learning models and threat intelligence.

A cost-effective, cloud-native SIEM with predictable billing and flexible commitments

Reduce infrastructure costs by automatically scaling resources and only paying for what you use. Save up to 60 percent compared to pay-as-you-go pricing through capacity reservation tiers. Receive predictable monthly bills and the flexibility to change your capacity tier commitment every 31 days. Pay nothing extra when you ingest data from Office 365 audit logs, Azure activity logs, and alerts from Microsoft threat protection solutions.