{"id":2487,"date":"2025-06-27T01:42:01","date_gmt":"2025-06-26T22:42:01","guid":{"rendered":"https:\/\/www.jussimetso.com\/?p=2487"},"modified":"2025-06-27T09:03:30","modified_gmt":"2025-06-27T06:03:30","slug":"modernizing-your-on-prem-siem-with-microsoft-sentinel-part-1","status":"publish","type":"post","link":"https:\/\/www.jussimetso.com\/index.php\/2025\/06\/27\/modernizing-your-on-prem-siem-with-microsoft-sentinel-part-1\/","title":{"rendered":"Modernizing your on-prem SIEM with Microsoft Sentinel &#8211; part 1"},"content":{"rendered":"<div id=\"bsf_rt_marker\"><\/div>\t\t<div data-elementor-type=\"wp-post\" data-elementor-id=\"2487\" class=\"elementor elementor-2487\" data-elementor-post-type=\"post\">\n\t\t\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-78a438f elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"78a438f\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-941ec72\" data-id=\"941ec72\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-e785009 elementor-toc--minimized-on-tablet elementor-widget elementor-widget-table-of-contents\" data-id=\"e785009\" data-element_type=\"widget\" data-e-type=\"widget\" data-settings=\"{&quot;headings_by_tags&quot;:[&quot;h2&quot;,&quot;h3&quot;,&quot;h4&quot;,&quot;h5&quot;],&quot;exclude_headings_by_selector&quot;:[],&quot;no_headings_message&quot;:&quot;No headings were found on this 
page.&quot;,&quot;marker_view&quot;:&quot;numbers&quot;,&quot;minimize_box&quot;:&quot;yes&quot;,&quot;minimized_on&quot;:&quot;tablet&quot;,&quot;hierarchical_view&quot;:&quot;yes&quot;,&quot;min_height&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_tablet&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]},&quot;min_height_mobile&quot;:{&quot;unit&quot;:&quot;px&quot;,&quot;size&quot;:&quot;&quot;,&quot;sizes&quot;:[]}}\" data-widget_type=\"table-of-contents.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__header\">\n\t\t\t\t\t\t<h4 class=\"elementor-toc__header-title\">\n\t\t\t\tTable of Contents\t\t\t<\/h4>\n\t\t\t\t\t\t\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--expand\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__e785009\" aria-expanded=\"true\" aria-label=\"Open table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-down\"><\/i><\/div>\n\t\t\t\t<div class=\"elementor-toc__toggle-button elementor-toc__toggle-button--collapse\" role=\"button\" tabindex=\"0\" aria-controls=\"elementor-toc__e785009\" aria-expanded=\"true\" aria-label=\"Close table of contents\"><i aria-hidden=\"true\" class=\"fas fa-chevron-up\"><\/i><\/div>\n\t\t\t\t\t<\/div>\n\t\t\t\t<div id=\"elementor-toc__e785009\" class=\"elementor-toc__body\">\n\t\t\t<div class=\"elementor-toc__spinner-container\">\n\t\t\t\t<i class=\"elementor-toc__spinner eicon-animation-spin eicon-loading\" aria-hidden=\"true\"><\/i>\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d0e5c71 elementor-widget elementor-widget-text-editor\" data-id=\"d0e5c71\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p><span class=\"TextRun SCXW140823191 BCX2\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW140823191 BCX2\">A<\/span><span class=\"NormalTextRun SCXW140823191 BCX2\">n on-premises SIEM (Security Information and Event Management<\/span><span class=\"NormalTextRun SCXW140823191 BCX2\">)<\/span><span class=\"NormalTextRun SCXW140823191 BCX2\"> requires dedicated hardware, storage, maintenance, and is managed by internal IT or security teams<\/span><span class=\"NormalTextRun SCXW140823191 BCX2\">;<\/span><span class=\"NormalTextRun SCXW140823191 BCX2\"> it<\/span><span class=\"NormalTextRun SCXW140823191 BCX2\"> can be complex to manage, with longer deployment times and higher total cost of ownership<\/span><span class=\"NormalTextRun SCXW140823191 BCX2\">.<\/span><\/span><\/p><p><span data-contrast=\"auto\">Have you thought about how you should modernize your SIEM? Is your physical hardware at its EOL (end-of-life), so that you need to start thinking about updating your current hardware? 
How about a cloud solution?\u00a0 One good option is to modernize your on-prem SIEM with Microsoft Sentinel.<\/span><\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a6e1c31 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"a6e1c31\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-69d98ec elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"69d98ec\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-0b2dc0d\" data-id=\"0b2dc0d\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-af10543 elementor-widget elementor-widget-heading\" data-id=\"af10543\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is on-prem SIEM?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-8e494ad elementor-widget elementor-widget-text-editor\" data-id=\"8e494ad\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>An on-premises<strong data-start=\"3\" data-end=\"67\"> Security Information and Event Management (SIEM)<\/strong> system is a security platform deployed and managed within your organization&#8217;s own infrastructure. It collects, analyzes, and correlates log data from various systems and devices to detect security threats, monitor compliance, and support incident response.<\/p><p>In summary, you need to:<\/p><ul><li>have a datacenter or some space for your devices<\/li><li>buy racks, servers, network devices, file storage systems or have a hypervisor environment like VMware or Nutanix, and build the needed on-prem SIEM vendor setup on those devices.<\/li><li>update devices manually<\/li><li>buy more disks and install them when log space is full.<\/li><\/ul><p>The idea here is you <span style=\"text-decoration: underline;\">need to do everything by yourself and manually<\/span> (or you might have workers to install these), and you need to update the devices because they get older and might break randomly. For the setup, you need to pay a lot in advance.<\/p><p>After your setup is done, you have to install the SIEM software and configure it.<\/p><p>And when you have finally got the setup ready, you can start thinking about and planning to update those on-prem devices with security &amp; OS updates and many more. 
So there is a lot of work in on-prem.<\/p><ul><li>So why not start thinking about transferring your on-prem SIEM to an automated cloud\u00a0 SIEM&#8230;<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-16ee339 elementor-widget elementor-widget-image\" data-id=\"16ee339\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img fetchpriority=\"high\" decoding=\"async\" width=\"640\" height=\"434\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/onprem-siem.png?fit=640%2C434&amp;ssl=1\" class=\"attachment-large size-large wp-image-2511\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/onprem-siem.png?w=1138&amp;ssl=1 1138w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/onprem-siem.png?resize=300%2C204&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/onprem-siem.png?resize=1024%2C695&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/onprem-siem.png?resize=768%2C521&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/onprem-siem.png?resize=850%2C577&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE: jussimetso.com<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5dca2fb elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5dca2fb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div 
class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-05d6e1a elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"05d6e1a\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-1ecde63\" data-id=\"1ecde63\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-009905f elementor-widget elementor-widget-heading\" data-id=\"009905f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">What is Microsoft Sentinel?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c53958a elementor-widget elementor-widget-text-editor\" data-id=\"c53958a\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution built on Microsoft Azure. 
It helps organizations detect, investigate, and respond to security threats across their entire digital estate \u2014 whether on-premises, in Azure, or across multiple clouds and platforms.<\/p><p><span data-contrast=\"auto\">Sentinel leverages AI, machine learning, and threat intelligence to detect, investigate, and respond to threats quickly and efficiently. With built-in automation, seamless integration with Microsoft Defender XDR, and support for multi-cloud and hybrid environments, Sentinel helps modernize SOC operations while reducing infrastructure complexity and total cost of ownership.<\/span><span data-ccp-props=\"{}\">\u00a0<\/span><\/p><p>It&#8217;s a single point of overview for ALL your data sources which could generate alerts and incidents. You can see these in one place. No need to hop between different solutions and compile the situational status manually when Sentinel does it automatically.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-f2913f9 elementor-widget elementor-widget-image\" data-id=\"f2913f9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"454\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_steps.png?fit=640%2C454&amp;ssl=1\" class=\"attachment-large size-large wp-image-2516\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_steps.png?w=1075&amp;ssl=1 1075w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_steps.png?resize=300%2C213&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_steps.png?resize=1024%2C727&amp;ssl=1 1024w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_steps.png?resize=768%2C545&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_steps.png?resize=850%2C603&amp;ssl=1 850w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">SOURCE: Microsoft Security<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-5f06c79 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"5f06c79\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-964264b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"964264b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-f3b9922\" data-id=\"f3b9922\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f3c2d0b elementor-widget elementor-widget-heading\" data-id=\"f3c2d0b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title 
elementor-size-default\">Core capabilities of Microsoft Sentinel<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-1943bf85 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"1943bf85\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-2780d9f2\" data-id=\"2780d9f2\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-61a8821 elementor-widget elementor-widget-heading\" data-id=\"61a8821\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">1. Data Collection at Scale<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-433366b elementor-widget elementor-widget-text-editor\" data-id=\"433366b\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li data-start=\"515\" data-end=\"584\"><p data-start=\"517\" data-end=\"584\">Collects data from cloud, on-premises, and hybrid environments.<\/p><\/li><li data-start=\"585\" data-end=\"705\"><p data-start=\"587\" data-end=\"705\">Supports a wide range of data connectors (e.g., Microsoft 365, Azure AD, AWS, firewalls, endpoint security tools). 
Look image below.<\/p><\/li><li data-start=\"706\" data-end=\"767\"><p data-start=\"708\" data-end=\"767\">Uses Log Analytics Workspace to store and analyze data.<\/p><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-61e23c3 elementor-widget elementor-widget-image\" data-id=\"61e23c3\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"sentinel_connectors_spring25\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjUxNywidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDZcL3NlbnRpbmVsX2Nvbm5lY3RvcnNfc3ByaW5nMjUtc2NhbGVkLnBuZyJ9\">\n\t\t\t\t\t\t\t<img decoding=\"async\" width=\"640\" height=\"353\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?fit=640%2C353&amp;ssl=1\" class=\"attachment-large size-large wp-image-2517\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?w=2560&amp;ssl=1 2560w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?resize=300%2C165&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?resize=1024%2C564&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?resize=768%2C423&amp;ssl=1 768w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?resize=1536%2C845&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?resize=2048%2C1127&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?resize=850%2C468&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_connectors_spring25-scaled.png?w=1920&amp;ssl=1 1920w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Sentinel data connectors. Spring 2025. SOURCE: Microsoft Security<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-310a023 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"310a023\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-333366b elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"333366b\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 
elementor-top-column elementor-element elementor-element-e9173d3\" data-id=\"e9173d3\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0939499 elementor-widget elementor-widget-heading\" data-id=\"0939499\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">2. Advanced Threat Detection<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-7f161ec elementor-widget elementor-widget-text-editor\" data-id=\"7f161ec\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Once you have your data onboarded, Microsoft Sentinel begins monitoring your entire environment to set baselines and identify behaviors that could indicate issues.<\/p><ul data-start=\"806\" data-end=\"1049\"><li>Analytics rule templates are pre-built rule prototypes, designed by Microsoft\u2019s teams of security experts and analysts based on their knowledge of known threats, common attack vectors, and suspicious activity escalation chains.<\/li><li>Supports custom detection rules using Kusto Query Language (KQL).<\/li><li>User and entity behavior analytics (UEBA) is powered by machine learning and helps to generate high-fidelity alerts. When enabled, this allows for detection of specific anomalous login behaviors based on IP address, geolocation, and user history information.<\/li><li>The <a href=\"https:\/\/attack.mitre.org\/\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">MITRE ATT&amp;CK framework<\/span><\/a> is a publicly accessible knowledge base of tactics and techniques commonly used by attackers. 
The dashboard built into Sentinel helps you visualize the nature of your coverage. It allows you to understand how many detections are currently active in your workspace for a specific technique, or to search for a technique to review your status.<\/li><li>Integrates with <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/siem-and-xdr\/microsoft-defender-threat-intelligence\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Microsoft Threat Intelligence<\/span><\/a> to enhance accuracy.<\/li><li>SOC optimization delivers tailored recommendations to help manage security and business requirements.<\/li><li>and a lot more<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-031a8a1 elementor-widget elementor-widget-image\" data-id=\"031a8a1\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"663\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_soc_optimization-1.png?fit=640%2C663&amp;ssl=1\" class=\"attachment-medium_large size-medium_large wp-image-2530\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_soc_optimization-1.png?w=849&amp;ssl=1 849w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_soc_optimization-1.png?resize=290%2C300&amp;ssl=1 290w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_soc_optimization-1.png?resize=768%2C795&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/sentinel_soc_optimization-1.png?resize=300%2C311&amp;ssl=1 300w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t\t\t\t<figcaption 
class=\"widget-image-caption wp-caption-text\">An example of SOC optimization. SOURCE: Microsoft Sentinel<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4d33c6e elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"4d33c6e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-d3e6568 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"d3e6568\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-ad3822f\" data-id=\"ad3822f\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0df97c9 elementor-widget elementor-widget-heading\" data-id=\"0df97c9\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">3. 
Investigation &amp; Hunting<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-c738082 elementor-widget elementor-widget-text-editor\" data-id=\"c738082\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul><li data-start=\"1088\" data-end=\"1154\">Visual investigation graphs help analysts understand attack paths.<\/li><li data-start=\"1157\" data-end=\"1228\">Threat hunting tools allow proactive exploration using KQL queries.<\/li><li data-start=\"1231\" data-end=\"1293\">Integrates with MITRE ATT&amp;CK framework for threat context.<\/li><li data-start=\"1231\" data-end=\"1293\">Integrates with Microsoft DefenderXDR<\/li><li data-start=\"1231\" data-end=\"1293\">Triage investigations to focus on what matters<\/li><li data-start=\"1231\" data-end=\"1293\">Automatically assign a severity to each incident, based on Machine Learning that takes into account the number of alerts, the entities impacted, threat intelligence and more.<\/li><li data-start=\"1231\" data-end=\"1293\">Provide tags for each incident, to ground analysts in context before even going into an investigation. 
This includes things such as an attack tactic or whether automatic attack disruption has already taken place.<\/li><li data-start=\"1231\" data-end=\"1293\">and more<\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-74ded91 elementor-widget elementor-widget-image\" data-id=\"74ded91\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t<figure class=\"wp-caption\">\n\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"defenderxdr_attack_story\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjUzMywidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDZcL2RlZmVuZGVyeGRyX2F0dGFja19zdG9yeS0xLXNjYWxlZC5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"356\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?fit=640%2C356&amp;ssl=1\" class=\"attachment-large size-large wp-image-2533\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?w=2560&amp;ssl=1 2560w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?resize=300%2C167&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?resize=1024%2C570&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?resize=768%2C427&amp;ssl=1 768w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?resize=1536%2C854&amp;ssl=1 1536w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?resize=2048%2C1139&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?resize=850%2C473&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/defenderxdr_attack_story-1-scaled.png?w=1920&amp;ssl=1 1920w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t<figcaption class=\"widget-image-caption wp-caption-text\">Attack story in DefenderXDR<\/figcaption>\n\t\t\t\t\t\t\t\t\t\t<\/figure>\n\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-a4be024 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"a4be024\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-02c15fb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"02c15fb\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element 
elementor-element-d712af9\" data-id=\"d712af9\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-6896707 elementor-widget elementor-widget-heading\" data-id=\"6896707\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h3 class=\"elementor-heading-title elementor-size-default\">4. Respond with automation and orchestration (SOAR)<\/h3>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d5a1aeb elementor-widget elementor-widget-text-editor\" data-id=\"d5a1aeb\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>Automation is critical to keeping the SOC ahead of attackers. With built-in SOAR, Microsoft Sentinel delivers several types of automation, available out of the box and fully customizable, to help teams do their jobs more effectively. Many playbooks are available out of the box and can be tailored to your unique needs. Because response playbooks act with real privileges (for example isolating a host or disabling an account), grant their identities only the permissions they need and require analyst approval for disruptive actions until a playbook has proven reliable.\u00a0<\/p><p>Enrichment automations can automatically add more information to your incidents. This can include matching the IP address used in an alert against known threat actors in your threat intelligence (TI) feeds, giving you more context as you dig into what happened.<\/p><p>You can also integrate with other tools such as ServiceNow to create tickets for incidents in your organization and get bidirectional updates. This helps make sure you stay on track everywhere you are working to respond.<\/p><p>And you can automate how you respond to an incident by, for example, creating a list of actions that are taken whenever a specific type of incident, such as phishing, happens. 
This can be done automatically, or triggered by a click of a button, reducing the amount of manual work your analysts must do.<\/p><p data-start=\"1506\" data-end=\"1553\">.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-2c92af0 elementor-widget elementor-widget-image\" data-id=\"2c92af0\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"image.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<a href=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?ssl=1\" data-elementor-open-lightbox=\"yes\" data-elementor-lightbox-title=\"example_soar_playbook\" data-e-action-hash=\"#elementor-action%3Aaction%3Dlightbox%26settings%3DeyJpZCI6MjUzNywidXJsIjoiaHR0cHM6XC9cL3d3dy5qdXNzaW1ldHNvLmNvbVwvd3AtY29udGVudFwvdXBsb2Fkc1wvMjAyNVwvMDZcL2V4YW1wbGVfc29hcl9wbGF5Ym9vay5wbmcifQ%3D%3D\">\n\t\t\t\t\t\t\t<img loading=\"lazy\" decoding=\"async\" width=\"640\" height=\"316\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?fit=640%2C316&amp;ssl=1\" class=\"attachment-large size-large wp-image-2537\" alt=\"\" srcset=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?w=2166&amp;ssl=1 2166w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?resize=300%2C148&amp;ssl=1 300w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?resize=1024%2C505&amp;ssl=1 1024w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?resize=768%2C379&amp;ssl=1 768w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?resize=1536%2C757&amp;ssl=1 1536w, 
https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?resize=2048%2C1010&amp;ssl=1 2048w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?resize=850%2C419&amp;ssl=1 850w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?w=1280&amp;ssl=1 1280w, https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/06\/example_soar_playbook.png?w=1920&amp;ssl=1 1920w\" sizes=\"(max-width: 640px) 100vw, 640px\" \/>\t\t\t\t\t\t\t\t<\/a>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-72ef9fa elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"72ef9fa\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-4bafcbb elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"4bafcbb\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-37699ef\" data-id=\"37699ef\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-0bea3c2 elementor-widget elementor-widget-heading\" data-id=\"0bea3c2\" data-element_type=\"widget\" data-e-type=\"widget\" 
data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Key benefits using Microsoft Sentinel<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4fb7b1d elementor-widget elementor-widget-text-editor\" data-id=\"4fb7b1d\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<table class=\"w-fit min-w-(--thread-content-width)\" data-start=\"1829\" data-end=\"2266\"><thead data-start=\"1829\" data-end=\"1854\"><tr data-start=\"1829\" data-end=\"1854\"><th data-start=\"1829\" data-end=\"1839\" data-col-size=\"sm\">Benefit<\/th><th data-start=\"1839\" data-end=\"1854\" data-col-size=\"md\">Description<\/th><\/tr><\/thead><tbody data-start=\"1880\" data-end=\"2266\"><tr data-start=\"1880\" data-end=\"1954\"><td data-start=\"1880\" data-end=\"1899\" data-col-size=\"sm\"><strong data-start=\"1882\" data-end=\"1898\">Cloud-native<\/strong><\/td><td data-start=\"1899\" data-end=\"1954\" data-col-size=\"md\">No hardware or complex setup; scales automatically.<\/td><\/tr><tr data-start=\"1955\" data-end=\"2026\"><td data-start=\"1955\" data-end=\"1980\" data-col-size=\"sm\"><strong data-start=\"1957\" data-end=\"1979\">Unified visibility<\/strong><\/td><td data-start=\"1980\" data-end=\"2026\" data-col-size=\"md\">Centralizes data from across environments.<\/td><\/tr><tr data-start=\"2027\" data-end=\"2095\"><td data-start=\"2027\" data-end=\"2044\" data-col-size=\"sm\"><strong data-start=\"2029\" data-end=\"2043\">AI-powered<\/strong><\/td><td data-start=\"2044\" data-end=\"2095\" data-col-size=\"md\">Reduces false positives and improves detection.<\/td><\/tr><tr data-start=\"2096\" data-end=\"2160\"><td data-start=\"2096\" data-end=\"2121\" data-col-size=\"sm\"><strong data-start=\"2098\" data-end=\"2120\">Automated 
response<\/strong><\/td><td data-start=\"2121\" data-end=\"2160\" data-col-size=\"md\">Fast, consistent incident handling.<\/td><\/tr><tr data-start=\"2161\" data-end=\"2266\"><td data-start=\"2161\" data-end=\"2185\" data-col-size=\"sm\"><strong data-start=\"2163\" data-end=\"2184\">Integration-ready<\/strong><\/td><td data-start=\"2185\" data-end=\"2266\" data-col-size=\"md\">Works well with Microsoft Defender XDR (formerly Microsoft 365 Defender), third-party security tools, and APIs.<\/td><\/tr><\/tbody><\/table>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-4ffd0ab elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"4ffd0ab\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-46a3cf8 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"46a3cf8\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-c0d3757\" data-id=\"c0d3757\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-d2acd0f elementor-widget elementor-widget-heading\" data-id=\"d2acd0f\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 
class=\"elementor-heading-title elementor-size-default\">Who should use Sentinel as a cloud SIEM?<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-be2cb4e elementor-widget elementor-widget-text-editor\" data-id=\"be2cb4e\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<ul data-start=\"2309\" data-end=\"2594\"><li data-start=\"2309\" data-end=\"2367\"><p data-start=\"2311\" data-end=\"2367\">Enterprises with hybrid or multi-cloud environments.<\/p><\/li><li data-start=\"2368\" data-end=\"2436\"><p data-start=\"2370\" data-end=\"2436\">Organizations needing real-time threat detection and response.<\/p><\/li><li data-start=\"2437\" data-end=\"2502\"><p data-start=\"2439\" data-end=\"2502\">SOC teams looking to streamline and scale their operations.<\/p><\/li><li data-start=\"2503\" data-end=\"2594\"><p data-start=\"2505\" data-end=\"2594\">Companies aiming to reduce infrastructure and licensing complexity from legacy SIEMs.<\/p><\/li><li data-start=\"2503\" data-end=\"2594\"><p data-style=\"TEI Cover Page - Subtitle\" data-linkedcontent=\"AssetSubTitle\"><a href=\"https:\/\/tei.forrester.com\/go\/microsoft\/microsoft_sentinel\/?lang=en-us\" target=\"_blank\" rel=\"noopener\"><span style=\"text-decoration: underline;\">Read the Forrester Total Economic Impact study of Microsoft Sentinel<\/span><\/a><\/p><\/li><\/ul>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-d6bfe97 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"d6bfe97\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span 
class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-35a04f7 elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"35a04f7\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-77fb763\" data-id=\"77fb763\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-f4bea23 elementor-widget elementor-widget-heading\" data-id=\"f4bea23\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"heading.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t<h2 class=\"elementor-heading-title elementor-size-default\">Summary<\/h2>\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-90a8abf elementor-widget elementor-widget-text-editor\" data-id=\"90a8abf\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"text-editor.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t\t\t<p>This was a short overview of the advantages of Microsoft Sentinel as a cloud SIEM compared with an on-prem SIEM.<\/p><p>In the next part I will describe the steps of how the migration is actually done.<\/p>\t\t\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t<div class=\"elementor-element elementor-element-b0de1d2 elementor-widget-divider--view-line elementor-widget elementor-widget-divider\" data-id=\"b0de1d2\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"divider.default\">\n\t\t\t\t<div 
class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-divider\">\n\t\t\t<span class=\"elementor-divider-separator\">\n\t\t\t\t\t\t<\/span>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<section class=\"elementor-section elementor-top-section elementor-element elementor-element-749c896d elementor-section-boxed elementor-section-height-default elementor-section-height-default\" data-id=\"749c896d\" data-element_type=\"section\" data-e-type=\"section\">\n\t\t\t\t\t\t<div class=\"elementor-container elementor-column-gap-default\">\n\t\t\t\t\t<div class=\"elementor-column elementor-col-100 elementor-top-column elementor-element elementor-element-343fc231\" data-id=\"343fc231\" data-element_type=\"column\" data-e-type=\"column\">\n\t\t\t<div class=\"elementor-widget-wrap elementor-element-populated\">\n\t\t\t\t\t\t<div class=\"elementor-element elementor-element-50e215f6 elementor-widget elementor-widget-author-box\" data-id=\"50e215f6\" data-element_type=\"widget\" data-e-type=\"widget\" data-widget_type=\"author-box.default\">\n\t\t\t\t<div class=\"elementor-widget-container\">\n\t\t\t\t\t\t\t<div class=\"elementor-author-box\">\n\t\t\t\t\t\t\t<div  class=\"elementor-author-box__avatar\">\n\t\t\t\t\t<img decoding=\"async\" src=\"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2024\/07\/jussi_06_2024.jpg?fit=262%2C300&#038;ssl=1\" alt=\"Picture of Jussi Metso\" loading=\"lazy\">\n\t\t\t\t<\/div>\n\t\t\t\n\t\t\t<div class=\"elementor-author-box__text\">\n\t\t\t\t\t\t\t\t\t<div >\n\t\t\t\t\t\t<h6 class=\"elementor-author-box__name\">\n\t\t\t\t\t\t\tJussi Metso\t\t\t\t\t\t<\/h6>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t\t\t<div class=\"elementor-author-box__bio\">\n\t\t\t\t\t\t<p>Author is a lifelong IT enthusiast, Microsoft Security MVP and interested in Cloud Security, XDR, SIEM and AI. Motto: Learning is the key for your future. 
<\/p>\n\t\t\t\t\t<\/div>\n\t\t\t\t\n\t\t\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t\t<\/div>\n\t\t\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/div>\n\t\t\t\t\t<\/div>\n\t\t<\/section>\n\t\t\t\t<\/div>\n\t\t","protected":false},"excerpt":{"rendered":"<p>Are you considering moving your classic on-prem SIEM to a modern cloud SIEM? Read my summary of the advantages of Microsoft Sentinel.<\/p>\n","protected":false},"author":1,"featured_media":2489,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"advanced_seo_description":"","jetpack_seo_html_title":"","jetpack_seo_noindex":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":true,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[10,21],"tags":[42,41,43],"class_list":["post-2487","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-sentinel","category-xdr","tag-sentinel","tag-siem","tag-soc"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/www.jussimetso.com\/wp-content\/uploads\/2025\/05\/onpremsiemtocloudsiem-1.png?fit=768%2C512&ssl=1","jetpack_shortlink":"https:\/\/wp.me\/pes24X-E7","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/2487","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"h
ttps:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/comments?post=2487"}],"version-history":[{"count":35,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/2487\/revisions"}],"predecessor-version":[{"id":2553,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/posts\/2487\/revisions\/2553"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media\/2489"}],"wp:attachment":[{"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/media?parent=2487"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/categories?post=2487"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.jussimetso.com\/index.php\/wp-json\/wp\/v2\/tags?post=2487"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}