Discover sensitive Key Vault operations with Microsoft Sentinel
This article explains how to use Microsoft Sentinel's Azure Key Vault Security workbook to monitor and analyze sensitive operations in Azure Key Vaults. It covers prerequisites such as the data source connectors for Azure Security Center and Azure Diagnostics, then walks through the workbook's three main tabs: Azure Defender for Key Vault alerts, analytics over Key Vault events, and Key Vault monitoring. The guide shows how to view alerts, detect anomalies, analyze diagnostic log coverage, and identify mass secret retrieval patterns. It emphasizes reducing troubleshooting time by using ready-made templates for security event analysis and anomaly detection.