SC-200 - Manage a Security Operations Environment - Section 1.6
Ingest Azure activity, threat indicators, and custom log data into the Microsoft Sentinel workspace.
Ingest Azure activity logs into Microsoft Sentinel using Azure Policy and resource diagnostic settings, and import threat indicators to enrich analytics rules with up-to-date intelligence. Create custom log tables for non-standard sources and choose between Analytics and Basic Logs table plans based on query frequency and retention needs.
Azure activities by using Azure Policy and resource diagnostic settings; threat indicators ingestion; custom log tables; table plans and basic logs
Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.