I published this blog originally a few years ago but we still have newcomers joining us in the Sentinel world so though it was worth a repost. If you know any noobies, feel free to share it with them. Microsoft's new(ish) cloud-based SIEM, Azure Sentinel, is a powerful solution that lets you collect security data cross an entire organization including devices, users, apps, servers in any cloud - which means that there are a lot of working parts. When I first looked at the management page, I was confused by the fact that many of the terms are so similar. There are Workbooks. There are Playbooks. And there are Notebooks. What's a girl to do?