Microsoft Sentinel Features

Diagnose and resolve incidents without the need for human interaction.

Guide users through the resolution process and give specific instructions to remedy individual occurrences.

Cuts off network connection or temporarily inactivate applications until incidents are remedied.

Gathers information related to threats in order to gain further information on remedies.

Analyzes incidents, correlates related events, and determines the scope and impact of attacks.

Clearly notifies users with relevant information and anomalies in a timely manner.

Sets a standard performance baseline by which to compare log activity.

Allows platform to scale to size of desired environment and configured with high availability and disaster recovery capabilities.

Information on each incident is stored in databases for user reference and analytics.

Produces reports detailing trends and vulnerabilities related to their network and infrastructure.

Gives alerts when incidents arise. Some responses may be automated, but users will still be informed.

Ability to track incidents, tasks, evidence, and investigation progress within a structured case.

Administrators can organize workflows to guide remedies to specific situations incident types.

Documents the actions from endpoints within a network. Alerts users of incidents and abnormal activities and documents the access point.

Keeps records of each network asset and its activity. Discovers new assets accessing the network.

Provides security information and stores the data in a secure repository for reference.

Alerts users of incidents and allows users to intervene manually or triggers an automated response.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Documents cases of abnormal activity and compromised systems.

Stores information related to common threats and how to resolve them once incidents occur.

Analyzes your existing network and IT infrastructure to outline access points that can be easily compromised.

Allows users to customize analytics with granulized metrics that are pertinent to your specific resources.

Allows users to search databases and incident logs to gain insights on vulnerabilities and incidents.

Visually displays connected applications and integrated data. Allows customization and management of workflow structures.

Streamline the flow of work processes by establishing triggers and alerts that notify and route information to the appropriate people when their action is required within the compensation process.

Reduces time spent remedying issues manually. Resolves common network security incidents quickly.

Constantly monitors logs to detect anomalies in real time.

Integrates additional security tools to automate security and incident response processes.

Collects information from multiple sources to cross reference and build contextual to correlate intelligence.

Stores information related to common threats and how to resolve them once incidents occur.

Offer pre-built and custom reporting and dashboards for quick insights into system states.

Allows users to generate text based on a text prompt.

Condenses long documents or text into a brief summary.

Capability to perform complex tasks without constant human input

Ability to break down and plan multi-step processes

Anticipates needs and offers suggestions without prompting

Makes informed choices based on available data and objectives