From the course: Implementing and Administering Microsoft Sentinel

Investigating incidents

- [Instructor] Now we're going to take a look at investigating incidents in Microsoft Sentinel, focusing on the investigation graph. Now, before we do, I want to talk for a moment about delegating permissions to Sentinel for your team to access the appropriate areas of Sentinel for their role. So we have three primary roles intended for users. We have Microsoft Sentinel Reader, which is exactly what it sounds like. They can read data, incidents, workbooks, and other Sentinel resources. They can't see certain administrative areas. We have Microsoft Sentinel Responder, which is a role that can, in addition to all of the above, manage incidents, assign incidents, dismiss them, et cetera. So it's cumulative. And then the Microsoft Sentinel Contributor, which can perform all of the actions of the two previous roles but can also create and edit workbooks, analytics rules, and other Sentinel resources. And then we have a fourth role, which allows Microsoft Sentinel to add playbooks to…
