SMB Tech & Cybersecurity Leadership Newsletter

Connecting DHCP Data Sources to Microsoft Sentinel, Querying with KQL, and Creating Custom Dashboards

Linking DHCP Data to Sentinel and Creating KQL Queries

Christophe Foulon 📓
Feb 19, 2025

I have been assisting some Microsoft-based clients with their use of the Microsoft stack, so I may emphasize some of their tools as I write new blogs and research ways to help customers leverage more of the tools they already pay for or might not have to spend much more on. I am not going to discuss the best-in-breed versus best-value options within existing footprints; I’m just sharing that others can use it too.

Microsoft Sentinel is a good SIEM (Security Information and Event Management) tool designed to help organizations bring together, analyze, and visualize their security data seamlessly. By integrating DHCP logs into Sentinel, you can uncover valuable insights about your network activity. In this guide, we’ll take you step by step through the exciting process of connecting DHCP data sources to Microsoft Sentinel, using Kusto Query Language (KQL) to query your data, and creating custom dashboards that really suit your needs!

Step 1: Connect DHCP Logs to Microsoft Sentinel

1.1 Pre…

© 2025 Christophe Foulon