Microsoft Sentinel has introduced a significant number of new features and improvement of existing ones since our last diagram update. Some notable ones are increased incident management options, addition of large number of solutions including data connectors, detection rules and workbooks, content management options such as Workspace Manager, centralized data collection rules via the Azure Monitor Agent (AMA) and more advanced integration with the Defender stack.
The one-page diagram is intended to give a quick, 10,000 foot view of the native Microsoft Sentinel capabilities and the various way it can collect data from both cloud and on-premises infrastructure. We would like to emphasize the last part as we frequently encounter the misconception that Microsoft Sentinel is good to monitor the Azure infrastructure while the other components of the hybrid infrastructure (other cloud providers, on-prem and SaaS) have to be covered by other SIEMs. In our view, Microsoft Sentinel provides an enhanced integration with Azure while covering the rest of the potential log sources at least as well as any competing SIEM platform, if not better from all points of view: ease of configuration, performance and costs. Do not hesitate to contact us to discuss any aspects of Microsoft Sentinel and its integration with the hybrid infrastructure.
Click here to download a PDF of the diagram.