November 13, 2025
▶️ Investigating Failed Logins
In this project I create a Microsoft account, Azure, Microsoft XDR, and a Windows 11 virtual machine, and ingest the logs into XDR for investigation or log tracking. After creating the foundation of a simulated SOC environment, I set up training logs, create a dashboard, ingest logs, and create alerts and bookmark logs for future investigation.
I utilized draw.io to create an overview of the project. This will help me map out the project, which will create a step-by-step process so I won't deviate from the project or manage many tasks.

Create Microsoft Azure Account
Set Up Billing
Create Windows Virtual Machine
Set Up Log Workspace
Set Up Microsoft Sentinel
Set Up Microsoft XDR
Ingest Training Logs
Create Workbook
Connect Microsoft XDR to Sentinel