Tomiwa's Portfolio


Microsoft Azure & Sentinel SIEM Lab

Overview

As part of a hands-on cybersecurity lab, I configured and deployed Microsoft Sentinel within an Azure environment to simulate and detect a brute-force attack. The project involved setting up a Windows honeypot virtual machine, configuring log ingestion from it with the Azure Monitor Agent, and developing custom KQL queries to identify suspicious activity, such as repeated failed login attempts (Windows Security Event ID 4625) from the same source IP address.

To add threat context, I incorporated a custom IP geolocation watchlist and built a visual threat map using Sentinel Workbooks, plotting the geographic origin of the attacking IP addresses. This lab helped solidify my understanding of SIEM operations, log analysis, and incident response workflows, while also demonstrating how enriched data and automation can support faster threat detection in real-world environments.
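The query below is an added example, not a query from the lab itself, showing how the two steps described above fit together in KQL: a brute-force detection over the Event ID 4625 records that the Azure Monitor Agent lands in the standard `SecurityEvent` table, enriched with a geolocation watchlist via the `ipv4_lookup` plugin. The watchlist name (`geoip`), its column names (`network`, `cityname`, `countryname`, `latitude`, `longitude`) and the threshold of 10 failures per hour are assumptions for illustration; substitute the names used in your own watchlist.

```kql
// Added example. Assumptions: Security events from the honeypot are in the
// SecurityEvent table; a Sentinel watchlist named "geoip" (assumed name) holds
// CIDR blocks in a column "network" plus cityname, countryname, latitude and
// longitude columns (assumed column names).
let GeoIP = _GetWatchlist("geoip");
let FailedLogons =
    SecurityEvent
    | where TimeGenerated > ago(1h)
    | where EventID == 4625                      // An account failed to log on
    | where IpAddress !in ("-", "127.0.0.1", "::1") // drop local/console logon failures
    | summarize
        FailedAttempts = count(),
        TargetAccounts = make_set(TargetAccount, 20),
        FirstAttempt   = min(TimeGenerated),
        LastAttempt    = max(TimeGenerated)
        by AttackerIp = IpAddress, Computer
    | where FailedAttempts >= 10;                // assumed threshold: tune to your baseline
FailedLogons
// Longest-prefix match of AttackerIp against the watchlist's CIDR column.
// Attackers whose IP is not in the watchlist are dropped; pass return_unmatched=true
// as a fifth argument to keep them with empty geo columns instead.
| evaluate ipv4_lookup(GeoIP, AttackerIp, network)
| project AttackerIp, Computer, FailedAttempts, TargetAccounts,
          FirstAttempt, LastAttempt, cityname, countryname, latitude, longitude
| order by FailedAttempts desc
```

The same query can back both a scheduled analytics rule (the `summarize`/`where` pair is the alert condition) and the workbook map: in a Sentinel Workbook, add a query step with this text, choose the Map visualization, and bind `latitude`/`longitude` as the coordinates and `FailedAttempts` as the size metric, which plots each attacking source at its geolocated origin.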
