Note: This repository is a community project and does not serve as official Microsoft documentation; feedback and comments are much appreciated. For official Azure Sentinel documentation, refer to Microsoft's own documentation.
Overview
This repository aims to provide information about security analytics in general, and also in the context of operationalizing it in Azure Sentinel.
Applying the basic principles of product management to a security analytics program helps structure the work and ensures that the implementation achieves the intended outcomes. It is important to:
- First identify the Rationale (why?)
- Derive from it the necessary Requirements (what?)
- Let those in turn dictate the appropriate Configurations (how?)
An additional dimension of consideration is the data processing lifecycle, simplified here into three main stages: Capture, Process, Consume.