Complete the code to create an Azure Sentinel workspace in Azure.
az monitor log-analytics workspace create --resource-group myResourceGroup --workspace-name [1] --location eastus
The workspace name is required to create an Azure Sentinel workspace. It must be unique within the resource group.
Complete the code to enable data connectors for Azure Sentinel.
az sentinel data-connector [1] create --resource-group myResourceGroup --workspace-name myWorkspace
SecurityEvents is a common data connector type used to collect security logs into Azure Sentinel.
Fix the error in the Kusto query to find failed sign-in attempts in Azure Sentinel logs.
SigninLogs | where ResultType [1] 0
Failed sign-in attempts have a ResultType not equal to 0, which means failure.
Fill both blanks to create an alert rule that triggers on multiple failed sign-ins.
SigninLogs | where ResultType [1] 0 | summarize count() by UserPrincipalName | where count_ [2] 5
The query filters failed sign-ins (ResultType != 0) and triggers when count is greater than 5.
Fill all three blanks to create a playbook trigger for an Azure Sentinel alert.
az sentinel alert-rule analytics create --resource-group myResourceGroup --workspace-name myWorkspace --display-name [1] --severity [2] --enabled [3]
The alert is named HighAlert, has severity High, and is enabled (true) to trigger the playbook.