
What is Azure Sentinel?


What is Azure Sentinel?

Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across an enterprise.

Microsoft Azure Sentinel performs the tasks in the following order:

 

Connect to all Data

You first need to connect to your security sources. Azure Sentinel comes with a number of connectors for Microsoft solutions available out of the box and providing real-time integration. These include Microsoft 365 Defender solutions, Office 365, Azure AD, Microsoft Defender for Identity, Microsoft Cloud App Security, and many more.


Workbooks

After you have connected your data sources to Azure Sentinel, you can monitor the data using the Azure Sentinel integration with Azure Monitor Workbooks. This provides versatility in creating custom workbooks. Azure Sentinel allows you to create custom workbooks across your data, and also comes with built-in workbook templates.

 

Analytics

To help you reduce noise and minimize the number of alerts that come up and have to be reviewed and investigated, Azure Sentinel uses analytics to correlate alerts into incidents. Incidents are groups of related alerts that together represent an actionable possible threat that can be investigated and resolved. You can use the built-in correlation rules as they are, or use them as a starting point to build your own.

 

Security Automation and Orchestration

Built on the foundation of Azure Logic Apps, Azure Sentinel’s automation and orchestration solution provides a highly extensible architecture that enables scalable automation as new technologies and threats emerge. To build playbooks with Azure Logic Apps, you can choose from a growing gallery of built-in playbooks. The connectors allow you to apply custom logic in code and to integrate with ServiceNow, Jira, Zendesk, HTTP requests, Microsoft Teams, Slack, Windows Defender ATP, and Cloud App Security.

 

Investigation

Currently in preview, Azure Sentinel’s deep investigation tools help you understand the scope and find the root cause of a potential security threat. You can choose an entity on the interactive graph, ask questions about that specific entity, and drill down into the entity and its connections to get to the root cause of the threat.

 

Hunting

Use Azure Sentinel’s powerful hunting search-and-query tools, based on the MITRE framework, which enable you to proactively hunt for security threats across your organization’s data sources, before an alert is triggered.

After you discover which hunting query provides high-value insights into possible attacks, you can also create custom detection rules based on your query, and surface those insights as alerts to your security incident responders. While hunting, you can create bookmarks for interesting events, enabling you to return to them later, share them with others, and group them with other correlating events to create a compelling incident for investigation.
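The hunt-then-promote workflow described above, as an added example that is not part of the original post: a KQL hunting query over the SigninLogs table (populated by the Azure AD connector mentioned earlier) that surfaces source IPs with a burst of failed sign-ins. The table name and columns are standard Azure AD sign-in log fields; the lookback window and threshold are assumed values you would tune before saving the query as a scheduled analytics rule.

```kql
// Added hunting query (not from the original post).
// Assumes the Azure AD data connector is populating SigninLogs.
// MITRE ATT&CK tactic: Credential Access; technique: Brute Force (T1110).
let lookback = 1d;     // assumed hunting window
let threshold = 20;    // assumed failed-sign-in count per source IP per hour
SigninLogs
| where TimeGenerated > ago(lookback)
// ResultType is a string; "0" means the sign-in succeeded, anything else failed
| where ResultType != "0"
| summarize FailedSignins = count(),
            DistinctUsers = dcount(UserPrincipalName),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by IPAddress, bin(TimeGenerated, 1h)
| where FailedSignins >= threshold
| project TimeGenerated, IPAddress, FailedSignins, DistinctUsers, FirstSeen, LastSeen
| order by FailedSignins desc
```

Once the query proves useful while hunting, bookmark the rows worth tracking, then save the same query as a scheduled analytics rule with IPAddress mapped to the IP entity so each hit becomes an alert grouped into an incident.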


 

Community

The Microsoft Azure Sentinel community is a powerful resource for threat detection and automation. Microsoft security analysts constantly create and add new workbooks, playbooks, and hunting queries, and post them to the community for you to use.

 

Azure Sentinel Solutions

Azure Sentinel solutions provide in-product discoverability, single-step deployment, and enablement of end-to-end product, domain, and/or vertical scenarios in Azure Sentinel. This experience is powered by Azure Marketplace for solutions’ discoverability, deployment, and enablement and by Microsoft Partner Center for solutions’ authoring and publishing.

 

Why choose Microsoft Azure Sentinel Solutions

 

Types of Azure Sentinel Solutions

Azure Sentinel currently offers packaged content solutions. These solutions include combinations of one or more data connectors, workbooks, analytics rules, playbooks, hunting queries, parsers, watchlists, and other components for Azure Sentinel.

There are two other types of solutions that can be offered at this time in the generic Azure Marketplace:

This includes services or tools built using Azure Sentinel APIs or Azure Log Analytics APIs to enable customers to integrate their existing applications with the Sentinel or migrate data, queries, etc., from existing applications to Azure Sentinel.

This includes listings to specifically managed services for Azure Sentinel.

 

Normalization and the Azure Sentinel Information Model (ASIM)

Azure Sentinel ingests data from many sources. Working with various data types and tables together requires you to understand each of them and to write or use a separate set of analytics rules, workbooks, and hunting queries for each type or schema.

The ASIM provides a seamless experience for handling various sources in uniform, normalized views by:

 

Components of the Azure Sentinel Information Model (ASIM)


 

Microsoft Azure Sentinel Tutorial

Moving ahead, you will learn to configure Azure Sentinel step by step:

 

Conclusion

Azure Sentinel is a powerful cloud-native SIEM tool that has the features of both SIEM and SOAR solutions. Azure Sentinel can detect and respond to threats due to its in-built artificial intelligence. It helps to monitor an ecosystem from cloud to on-premises, workstation, and personal devices.


The post What is Azure Sentinel? appeared first on Intellipaat Blog.
