As infrastructures get ever more complex, managing security becomes a significant issue. Alerts and logs come from many different systems, in as many different formats, and it is important that the right information reaches the right person so the right decision can be made to prevent a security breach.
Building on the full range of existing Azure services, Azure Sentinel natively incorporates proven foundations such as Log Analytics and Logic Apps. Azure Sentinel enriches your investigation and detection with AI, provides Microsoft’s threat intelligence stream, and lets you bring your own threat intelligence.
2-Click on Create a resource
3-Search for Azure Sentinel
5-The Azure Sentinel Workspaces window will open
6-Click on Create Workspace
Azure Sentinel can run on workspaces that are deployed in any of the following regions:
- Australia Southeast
- Canada Central
- Central India
- East US
- East US 2 EUAP (Canary)
- Japan East
- Southeast Asia
- UK South
- West Europe
- West US 2
10-In my case I will connect it to the Azure Virtual Machines I already have
- See how many events were received over the selected time period
- See the alerts that were triggered
- See the incident status: how many are open, in progress, and closed
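The same three numbers the overview dashboard shows can be pulled directly from the workspace with Kusto (KQL) queries in the Logs blade. The block below is an added example, not part of the original post; it assumes the connected VMs send Windows Security events to the SecurityEvent table, and that alerts and incidents are stored in the SecurityAlert and SecurityIncident tables, which Sentinel populates itself. Run each of the three queries separately, since the Logs blade executes one query at a time.

```kql
// Added example: dashboard-style counts over the last 24 hours.
// Assumption: Azure VMs are connected through the Security Events connector.

// 1. How many events arrived over the selected period, bucketed per hour
SecurityEvent
| where TimeGenerated > ago(24h)
| summarize EventCount = count() by bin(TimeGenerated, 1h)
| order by TimeGenerated asc

// 2. Which alerts were triggered, and how often, by severity
SecurityAlert
| where TimeGenerated > ago(24h)
| summarize AlertCount = count() by AlertName, AlertSeverity
| order by AlertCount desc

// 3. Incident status: keep only the latest record per incident, then count by Status
SecurityIncident
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| summarize IncidentCount = count() by Status   // New (open), Active (in progress), Closed
```

The third query needs the arg_max step because SecurityIncident stores one row per incident update, so counting rows directly would overstate the number of incidents. Change `ago(24h)` to match whatever period is selected on the dashboard.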
Create detection rules, then respond to threats with playbooks: either configure a playbook to run automatically when an alert is triggered, or run a playbook manually from inside the alert by clicking View playbooks and selecting the playbook to run.
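A detection rule in Azure Sentinel is a Scheduled analytics rule whose body is a KQL query; an alert is raised whenever the query returns rows, and any playbook attached in the rule's Automated response tab then runs. The query below is an added example, not part of the original post. It assumes the connected VMs forward Windows Security events to the SecurityEvent table, and the threshold of 10 failed logons in 10 minutes is an assumed placeholder to tune for your environment.

```kql
// Added example: query body for a Scheduled analytics rule that flags
// repeated failed logons against a VM from a single source address.
// Assumptions: Windows Security events land in SecurityEvent;
// the threshold below is a placeholder, not a recommended value.
let threshold = 10;
SecurityEvent
| where TimeGenerated > ago(10m)
| where EventID == 4625                       // "An account failed to log on"
| summarize FailedAttempts = count(),
            FirstAttempt   = min(TimeGenerated),
            LastAttempt    = max(TimeGenerated),
            TargetAccounts = make_set(TargetUserName)
    by Computer, IpAddress
| where FailedAttempts >= threshold
| order by FailedAttempts desc
```

Schedule the rule to run every 10 minutes over the last 10 minutes of data so the `ago(10m)` window and the schedule line up and the same burst is not counted twice. In the rule wizard, map Computer to the Host entity and IpAddress to the IP entity so the resulting incident carries the affected machine and source address, which is what an attached playbook (for example one that posts a notification or opens a ticket) will need.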