SC-200: Connect logs to Microsoft Sentinel
Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds, to Microsoft Sentinel. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
Prerequisites
- Knowledge of using KQL in Microsoft Sentinel, such as you could gain from the learning path SC-200: Create queries for Azure Sentinel using Kusto Query Language (KQL)
- Knowledge of Microsoft Sentinel environment configuration, such as you could gain from the learning path SC-200: Configure your Microsoft Sentinel environment
Modules in this learning path
The primary approach to connect log data is using the Microsoft Sentinel provided data connectors. This module provides an overview of the available data connectors.
Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.
Learn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft Defender XDR.
Two of the most common logs to collect are Windows security events and Sysmon. Learn how Microsoft Sentinel makes this easy with the Microsoft Windows Events data connectors.
Most vendor-provided connectors utilize the CEF connector. Learn about the Common Event Format (CEF) connector's configuration options.
Learn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options, which enable you to parse Syslog data.
Learn how to connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors.