SIEM - Security Information and Event Management
- Helps find various threats or exposures
SOAR - Security Orchestration, Automation, and Response
- Automatically responds to events
Microsoft Sentinel covers both of the above (SIEM and SOAR)
- Sits on top of a Log Analytics Workspace
- It sits on top of the workspace because the log data is typically already flowing into it
- Looks at all the logs and signals and adds intelligence on top to give you meaningful insight