Summary

In this chapter, we explored the Azure Monitor Log Analytics solution, including how to create a new workspace using the Azure portal, PowerShell, or CLI, and how to configure the security options to ensure each user has the appropriate level of access. We also looked at how to connect a data source and configure some of the advanced settings. This information is very useful when you need to first configure Azure Sentinel, and in the future if you need to make any changes to the Log Analytics platform supporting your operational and business needs.

In the next chapter, we will look at how to select data that is most useful for security threat hunting, which connectors to use in order to gather the data from any system, and the options available to enable long-term data retention while keeping costs under control.