Microsoft Sentinel: Cloud SIEM
Collect security logs from across your environment in Sentinel, use built-in analytics rules to detect threats, and automate incident response with playbooks.
What Is Microsoft Sentinel?
Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) platform. It ingests logs and signals from across your entire digital estate — Azure, on-premises, other clouds, and SaaS applications — applies AI and machine learning to detect threats, and helps security analysts investigate and respond to incidents at scale.
SIEM vs. Traditional Log Management
Traditional log management tools collect and store logs for compliance and search. A SIEM goes further by correlating events across data sources, applying detection rules to identify attack patterns, and prioritising incidents for human investigation. Sentinel adds the SOAR capability — automating repetitive response actions (like blocking an IP or resetting a password) through playbooks so analysts can focus on complex investigations.
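To make the SIEM-versus-log-management distinction concrete, the following is an added example (not Sentinel's own code, and not from any Microsoft material): a small correlation engine in Python that runs one detection rule over constructed sign-in and firewall events, raises a prioritised incident, and hands it to a playbook-style function that decides on response actions. The source names ("SigninLogs", "FirewallLogs"), the thresholds, the sample IPs and the action names are all assumptions made for the example; in Sentinel the rule would be a scheduled analytics rule written in KQL and the playbook a Logic App.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional


@dataclass
class Event:
    source: str                     # log source name (constructed: "SigninLogs" / "FirewallLogs")
    time: datetime
    ip: str
    user: Optional[str] = None      # only set for sign-in events
    result: Optional[str] = None    # "failure" or "success" for sign-in events
    action: Optional[str] = None    # "deny" / "allow" for firewall events


@dataclass
class Incident:
    title: str
    severity: str
    ip: str
    compromised_user: str
    evidence: list = field(default_factory=list)


def base(minute, second=0):
    """Helper for constructed timestamps within one hour."""
    return datetime(2024, 1, 1, 12, minute, second)


# Constructed sample events from two sources. 203.0.113.5 fails six times against three
# accounts, then succeeds, and was also denied by the firewall; 198.51.100.7 fails twice
# then succeeds (an ordinary mistyped password, which the rule should not flag).
SAMPLE_EVENTS = [
    Event("SigninLogs", base(0, 5), "203.0.113.5", "alice", "failure"),
    Event("SigninLogs", base(0, 20), "203.0.113.5", "bob", "failure"),
    Event("SigninLogs", base(0, 35), "203.0.113.5", "alice", "failure"),
    Event("SigninLogs", base(1, 0), "203.0.113.5", "carol", "failure"),
    Event("SigninLogs", base(1, 30), "203.0.113.5", "alice", "failure"),
    Event("SigninLogs", base(2, 0), "203.0.113.5", "alice", "failure"),
    Event("SigninLogs", base(3, 0), "203.0.113.5", "alice", "success"),
    Event("FirewallLogs", base(0, 0), "203.0.113.5", action="deny"),
    Event("FirewallLogs", base(0, 1), "203.0.113.5", action="deny"),
    Event("SigninLogs", base(5, 0), "198.51.100.7", "dave", "failure"),
    Event("SigninLogs", base(5, 30), "198.51.100.7", "dave", "failure"),
    Event("SigninLogs", base(6, 0), "198.51.100.7", "dave", "success"),
]


def detect_failures_then_success(events, window=timedelta(minutes=10), min_failures=5):
    """Detection rule: at least min_failures failed sign-ins from one IP, followed by a
    success within the window. Returns (ip, success_event, failure_events), one per IP."""
    signins = sorted((e for e in events if e.source == "SigninLogs"), key=lambda e: e.time)
    by_ip = defaultdict(list)
    for e in signins:
        by_ip[e.ip].append(e)
    hits = []
    for ip, evs in by_ip.items():
        for i, e in enumerate(evs):
            if e.result != "success":
                continue
            recent_failures = [x for x in evs[:i]
                               if x.result == "failure" and e.time - x.time <= window]
            if len(recent_failures) >= min_failures:
                hits.append((ip, e, recent_failures))
                break
    return hits


def correlate_firewall(ip, events):
    """Cross-source correlation: firewall denies from the same IP raise confidence."""
    return [e for e in events
            if e.source == "FirewallLogs" and e.ip == ip and e.action == "deny"]


def build_incidents(events):
    """Turn rule hits into prioritised incidents, as a SIEM does before an analyst sees them."""
    incidents = []
    for ip, success, failures in detect_failures_then_success(events):
        fw_denies = correlate_firewall(ip, events)
        severity = "High" if fw_denies else "Medium"
        targeted = sorted({f.user for f in failures})
        incidents.append(Incident(
            title=f"Failed sign-ins followed by success from {ip} "
                  f"(targeted: {', '.join(targeted)})",
            severity=severity, ip=ip, compromised_user=success.user,
            evidence=failures + [success] + fw_denies))
    return incidents


def playbook(incident):
    """SOAR-style playbook: map an incident to response actions (constructed action names)."""
    actions = [f"block_ip:{incident.ip}", f"notify_analyst:{incident.severity}"]
    if incident.severity == "High":
        actions.append(f"reset_password:{incident.compromised_user}")
    return actions


if __name__ == "__main__":
    for inc in build_incidents(SAMPLE_EVENTS):
        print(inc.severity, inc.title)
        print("  evidence events:", len(inc.evidence))
        print("  playbook:", playbook(inc))
```

The point of the example is the layering: the rule alone is what a log search could do, the firewall correlation is what makes it SIEM-grade (and drives severity), and the playbook is the SOAR step that turns a prioritised incident into repeatable actions without an analyst typing them. In Sentinel each of those layers is a separate configurable object, so tuning the threshold or the window does not mean rewriting the response.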