SlideShare a Scribd company logo

Azure Sentinel Introduction

Robert Crane
Robert Crane

April 2021 presentation to Brisbane Azure User group

Internet
1 of 18
Download to read offline
Introduction to Azure Sentinel April 2021 @directorcia http://about.me/ciaops
Acronyms •SIEM – Security Information and Event Management •SOAR – Security, Orchestration, Automation and Response
Introducing Microsoft Azure Sentinel Cloud-native SIEM for intelligent security analytics for your entire enterprise Limitless cloud speed and scale Bring your Office 365 + M365 Alerts for Free Easy integration with your existing tools Faster threat protection with AI by your side Respond Rapidly and automate protection Detect Threats with vast threat intelligence & AI Collect Security data across your enterprise Investigate Critical incidents guided by AI Azure Sentinel Cloud-native SIEM+SOAR
Enrichment with Intelligence (Geo location, IP Reputation) Core capabilities © Microsoft Corporation Azure Microsoft Services Public Clouds Security solutions Integrate ServiceNow Community Other tools Apps, users, infrastructure Collect Automate & orchestrate response Playbooks Investigate & hunt suspicious activities Interactive Attack Visualization, Azure Notebooks Analyze & detect threats Machine learning, UEBA Data Search Data Repository Azure Monitor (log analytics) Data Ingestion
What is Azure Sentinel? Traditional No infrastructure costs, Only pay for what you use Predictable Billing with capacity reservations Flexible model, no annual commitments Free ingestion for O365 Audit Logs, Azure Activity Logs and M365 Security Alerts Sentinel Cloud-native, scalable SIEM Hardware setup Maintenance Software setup
And how it plays into the larger story… Pre-wired integration with Microsoft solutions Connectors for many partner solutions Standard log format support for all sources Proven log platform with more than 10 petabytes of daily ingestion
Workspace Design (Single Tenant)
Workspace Design (Multi-Tenant) Azure Lighthouse
All the ways data gets in Workspace Azure Sentinel Custom App Appliances (Integrated) Azure Services (Diagnostic Logs) AAD, AAD IP, Azure Activity, AIP, ASC, AzWAF, … Threat Intelligence (via Graph Security API) MISP, Palo Alto…. Logic App – Send Data Connector Cloud Services w/ Connector O365, MCAS, AATP, MDATP, AWS Windows Agent Linux Agent Linux Agent – Configured for CEF Appliances (CEF) P U S H P U S H P U S H P U L L Rest API P U S H
CEF architecture On prem Syslog Over UDP, TCP, or TLS default port: 514
Data Collectors (Quick Wins) Enable 1st Party Connectors that are running in the environment Most are free ▪ O365 ▪ Azure Activity ▪ 1st Party Alerts – MCAS, AATP, MDATP, AAD IP Connect AWS Connect / Configure Azure Diagnostic Logs (Policy) Deploy Windows/Linux Agent in Azure (built-in Policy)
Data Collectors (Next Steps) Deploy Windows/Linux Agent on-prem / other clouds Deploy CEF Collection ▪ Configure CEF collector using configuration script ▪ Configure source devices – ensure they support RFC and CEF. ▪ See the “Grand List” https://techcommunity.microsoft.com/t5/Azure- Sentinel/Azure-Sentinel-The-Syslog-and-CEF-source- configuration-grand/ba-p/803891 Integrate Threat Intelligence
Resources • Sentinel Quickstart - https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard • Connect data sources - https://docs.microsoft.com/en-us/azure/sentinel/connect-data- sources • Tutorial: Investigate incidents – https://docs.microsoft.com/en-us/azure/sentinel/tutorial- investigate-cases • Become an Azure Sentinel Ninja – https://techcommunity.microsoft.com/t5/azure- sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310 • Azure Sentinel on Microsoft Learn - https://techcommunity.microsoft.com/t5/itops-talk- blog/learn-azure-sentinel-on-microsoft-learn/ba-p/2006346 • Visualise your data - https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor- your-data • Azure Sentinel Workbooks 101 - https://techcommunity.microsoft.com/t5/azure- sentinel/azure-sentinel-workbooks-101-with-sample-workbook/ba-p/1409216
CIAOPS Resources • Blog – http://blog.ciaops.com • Github – http://github.com/directorcia • Free Office 365, Azure Administration newsletter – http://bit.ly/cia-o365-tech • Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops • Free documents, presentations, eBooks – http://slideshare.net/directorcia • Office 365, Azure, Cloud podcast – http://ciaops.podbean.com • Office 365, Azure online training courses – http://www.ciaopsacademy.com • Office 365 and Azure community – http://www.ciaopspatron.com Twitter @directorcia Facebook https://www.facebook.com/ciaops Email director@ciaops.com Teams admin@ciaops365.com

Recommended

Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure SentinelCheah Eng Soon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 

Recommended

Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure SentinelCheah Eng Soon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 
Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionDavid J Rosenthal
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinelMarius Sandbu
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips Mario Worwell
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElasticsearch
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansDavid J Rosenthal
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewDavid J Rosenthal
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfKranthi Aragonda
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Let's Talk About: Azure Monitor
Let's Talk About: Azure MonitorLet's Talk About: Azure Monitor
Let's Talk About: Azure MonitorPedro Sousa
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security PlatformPituphong Yavirach
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinelAdam Ochs
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Research
 

More Related Content

What's hot

Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Kangaroot
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionDavid J Rosenthal
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM AlienVault
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsVignesh Ganesan I Microsoft MVP
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overviewgjuljo
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips Mario Worwell
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElasticsearch
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansDavid J Rosenthal
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfKranthi Aragonda
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Let's Talk About: Azure Monitor
Let's Talk About: Azure MonitorLet's Talk About: Azure Monitor
Let's Talk About: Azure MonitorPedro Sousa
 

What's hot (20)

Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)Elastic SIEM (Endpoint Security)
Elastic SIEM (Endpoint Security)
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
 
Beginner's Guide to SIEM
Beginner's Guide to SIEM Beginner's Guide to SIEM
Beginner's Guide to SIEM
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud AppsSecure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
Secure your Access to Cloud Apps using Microsoft Defender for Cloud Apps
 
Azure Monitoring Overview
Azure Monitoring OverviewAzure Monitoring Overview
Azure Monitoring Overview
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
 
Elastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyoneElastic Security: Unified protection for everyone
Elastic Security: Unified protection for everyone
 
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 PlansMicrosoft Security - New Capabilities In Microsoft 365 E5 Plans
Microsoft Security - New Capabilities In Microsoft 365 E5 Plans
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdfMicrosoft Sentinel- a cloud native SIEM & SOAR.pdf
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Let's Talk About: Azure Monitor
Let's Talk About: Azure MonitorLet's Talk About: Azure Monitor
Let's Talk About: Azure Monitor
 
Wazuh Security Platform
Wazuh Security PlatformWazuh Security Platform
Wazuh Security Platform
 

Similar to Azure Sentinel Introduction

Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinelAdam Ochs
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Research
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxJustineGarcia32
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelSamik Roy
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)Amazon Web Services
 
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoTMongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoTMongoDB
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_SentinelMike Mihm
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 
Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365Cheah Eng Soon
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsFredBrandonAuthorMCP
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureCloudVillage
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
Architecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureArchitecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureAlon Fliess
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterMicrosoft
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS SecurityAmazon Web Services
 

Similar to Azure Sentinel Introduction (20)

Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinel
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
 
L400-P1 Overview.pdf
L400-P1 Overview.pdfL400-P1 Overview.pdf
L400-P1 Overview.pdf
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
 
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoTMongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_Sentinel
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS Security
 
Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
Architecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureArchitecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft Azure
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 
Getting Started with AWS Security
Getting Started with AWS SecurityGetting Started with AWS Security
Getting Started with AWS Security
 

More from Robert Crane

September 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know WebinarSeptember 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know WebinarRobert Crane
 
August 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know WebinarAugust 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know WebinarRobert Crane
 
July 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know WebinarJuly 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know WebinarRobert Crane
 
June 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know WebinarJune 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know WebinarRobert Crane
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarRobert Crane
 
April 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know WebinarApril 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know WebinarRobert Crane
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarRobert Crane
 
January 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarJanuary 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarRobert Crane
 
December 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know WebinarDecember 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know WebinarRobert Crane
 
November 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know WebinarNovember 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know WebinarRobert Crane
 
October 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know WebinarOctober 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know WebinarRobert Crane
 
September 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know WebinarSeptember 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know WebinarRobert Crane
 
August 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know WebinarAugust 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know WebinarRobert Crane
 
July 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know WebinarJuly 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know WebinarRobert Crane
 
June 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know WebinarJune 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know WebinarRobert Crane
 
May 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know WebinarMay 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know WebinarRobert Crane
 
April 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know WebinarApril 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know WebinarRobert Crane
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for BusinessRobert Crane
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarRobert Crane
 

More from Robert Crane (20)

202310
202310202310
202310
 
September 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know WebinarSeptember 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know Webinar
 
August 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know WebinarAugust 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know Webinar
 
July 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know WebinarJuly 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know Webinar
 
June 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know WebinarJune 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know Webinar
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know Webinar
 
April 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know WebinarApril 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know Webinar
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know Webinar
 
January 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarJanuary 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know Webinar
 
December 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know WebinarDecember 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know Webinar
 
November 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know WebinarNovember 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know Webinar
 
October 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know WebinarOctober 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know Webinar
 
September 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know WebinarSeptember 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know Webinar
 
August 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know WebinarAugust 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know Webinar
 
July 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know WebinarJuly 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know Webinar
 
June 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know WebinarJune 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know Webinar
 
May 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know WebinarMay 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know Webinar
 
April 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know WebinarApril 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know Webinar
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know Webinar
 

Recently uploaded

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作ys8omjxb
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012rehmti665
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Lucknow
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa494f574xmv
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书zdzoqco
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一Fs
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)Christopher H Felton
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Dana Luther
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMartaLoveguard
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Sonam Pathan
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一Fs
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一z xss
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxDyna Gilbert
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationLinaWolf1
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一Fs
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMgdsc13
 

Recently uploaded (20)

Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
Potsdam FH学位证,波茨坦应用技术大学毕业证书1:1制作
 
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
Call Girls South Delhi Delhi reach out to us at ☎ 9711199012
 
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja VipCall Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
Call Girls Service Adil Nagar 7001305949 Need escorts Service Pooja Vip
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
Film cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasaFilm cover research (1).pptxsdasdasdasdasdasa
Film cover research (1).pptxsdasdasdasdasdasa
 
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
办理多伦多大学毕业证成绩单|购买加拿大UTSG文凭证书
 
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
定制(Management毕业证书)新加坡管理大学毕业证成绩单原版一比一
 
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
A Good Girl's Guide to Murder (A Good Girl's Guide to Murder, #1)
 
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
Packaging the Monolith - PHP Tek 2024 (Breaking it down one bite at a time)
 
Magic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptxMagic exist by Marta Loveguard - presentation.pptx
Magic exist by Marta Loveguard - presentation.pptx
 
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
Call Girls In The Ocean Pearl Retreat Hotel New Delhi 9873777170
 
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
定制(Lincoln毕业证书)新西兰林肯大学毕业证成绩单原版一比一
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Serviceyoung call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
young call girls in Uttam Nagar🔝 9953056974 🔝 Delhi escort Service
 
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
办理(UofR毕业证书)罗切斯特大学毕业证成绩单原版一比一
 
Top 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptxTop 10 Interactive Website Design Trends in 2024.pptx
Top 10 Interactive Website Design Trends in 2024.pptx
 
PHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 DocumentationPHP-based rendering of TYPO3 Documentation
PHP-based rendering of TYPO3 Documentation
 
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Rk Puram 🔝 9953056974 🔝 Delhi escort Service
 
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
定制(UAL学位证)英国伦敦艺术大学毕业证成绩单原版一比一
 
Git and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITMGit and Github workshop GDSC MLRITM
Git and Github workshop GDSC MLRITM
 

Azure Sentinel Introduction

  • 1. Introduction to Azure Sentinel April 2021 @directorcia http://about.me/ciaops
  • 2. Acronyms •SIEM – Security Information and Event Management •SOAR – Security, Orchestration, Automation and Response
  • 3. Introducing Microsoft Azure Sentinel Cloud-native SIEM for intelligent security analytics for your entire enterprise Limitless cloud speed and scale Bring your Office 365 + M365 Alerts for Free Easy integration with your existing tools Faster threat protection with AI by your side Respond Rapidly and automate protection Detect Threats with vast threat intelligence & AI Collect Security data across your enterprise Investigate Critical incidents guided by AI Azure Sentinel Cloud-native SIEM+SOAR
  • 4.
  • 5. Enrichment with Intelligence (Geo location, IP Reputation) Core capabilities © Microsoft Corporation Azure Microsoft Services Public Clouds Security solutions Integrate ServiceNow Community Other tools Apps, users, infrastructure Collect Automate & orchestrate response Playbooks Investigate & hunt suspicious activities Interactive Attack Visualization, Azure Notebooks Analyze & detect threats Machine learning, UEBA Data Search Data Repository Azure Monitor (log analytics) Data Ingestion
  • 6. What is Azure Sentinel? Traditional No infrastructure costs, Only pay for what you use Predictable Billing with capacity reservations Flexible model, no annual commitments Free ingestion for O365 Audit Logs, Azure Activity Logs and M365 Security Alerts Sentinel Cloud-native, scalable SIEM Hardware setup Maintenance Software setup
  • 7. And how it plays into the larger story… Pre-wired integration with Microsoft solutions Connectors for many partner solutions Standard log format support for all sources Proven log platform with more than 10 petabytes of daily ingestion
  • 8.
  • 9.
  • 12. All the ways data gets in Workspace Azure Sentinel Custom App Appliances (Integrated) Azure Services (Diagnostic Logs) AAD, AAD IP, Azure Activity, AIP, ASC, AzWAF, … Threat Intelligence (via Graph Security API) MISP, Palo Alto…. Logic App – Send Data Connector Cloud Services w/ Connector O365, MCAS, AATP, MDATP, AWS Windows Agent Linux Agent Linux Agent – Configured for CEF Appliances (CEF) P U S H P U S H P U S H P U L L Rest API P U S H
  • 13. CEF architecture On prem Syslog Over UDP, TCP, or TLS default port: 514
  • 14. Data Collectors (Quick Wins) Enable 1st Party Connectors that are running in the environment Most are free ▪ O365 ▪ Azure Activity ▪ 1st Party Alerts – MCAS, AATP, MDATP, AAD IP Connect AWS Connect / Configure Azure Diagnostic Logs (Policy) Deploy Windows/Linux Agent in Azure (built-in Policy)
  • 15.
  • 16. Data Collectors (Next Steps) Deploy Windows/Linux Agent on-prem / other clouds Deploy CEF Collection ▪ Configure CEF collector using configuration script ▪ Configure source devices – ensure they support RFC and CEF. ▪ See the “Grand List” https://techcommunity.microsoft.com/t5/Azure- Sentinel/Azure-Sentinel-The-Syslog-and-CEF-source- configuration-grand/ba-p/803891 Integrate Threat Intelligence
  • 17. Resources • Sentinel Quickstart - https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard • Connect data sources - https://docs.microsoft.com/en-us/azure/sentinel/connect-data- sources • Tutorial: Investigate incidents – https://docs.microsoft.com/en-us/azure/sentinel/tutorial- investigate-cases • Become an Azure Sentinel Ninja – https://techcommunity.microsoft.com/t5/azure- sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310 • Azure Sentinel on Microsoft Learn - https://techcommunity.microsoft.com/t5/itops-talk- blog/learn-azure-sentinel-on-microsoft-learn/ba-p/2006346 • Visualise your data - https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor- your-data • Azure Sentinel Workbooks 101 - https://techcommunity.microsoft.com/t5/azure- sentinel/azure-sentinel-workbooks-101-with-sample-workbook/ba-p/1409216
  • 18. CIAOPS Resources • Blog – http://blog.ciaops.com • Github – http://github.com/directorcia • Free Office 365, Azure Administration newsletter – http://bit.ly/cia-o365-tech • Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops • Free documents, presentations, eBooks – http://slideshare.net/directorcia • Office 365, Azure, Cloud podcast – http://ciaops.podbean.com • Office 365, Azure online training courses – http://www.ciaopsacademy.com • Office 365 and Azure community – http://www.ciaopspatron.com Twitter @directorcia Facebook https://www.facebook.com/ciaops Email director@ciaops.com Teams admin@ciaops365.com