Azure Sentinel from zero to hero

7/2/2019

Intro

As infrastructures get ever more complex, managing security becomes a significant issue. Alerts and logs come from many different systems, in as many different formats, and it is important that the right information is delivered to the right person at the right time so that the right decision can be made to prevent a security breach.
That "right time" information model is critical, and it needs tooling that can bring all of these information sources and events into one place. Security Information and Event Management (SIEM) is a rapidly growing part of the enterprise security market, building and delivering smart security dashboards that analyze and prioritize these messages using a mix of log file analysis and machine learning. In a complex threat environment, a modern data center needs a SIEM to operate effectively, sitting next to your application and network monitoring tools and helping you manage your response to incidents and warnings.

Azure Sentinel

Microsoft recently launched Azure Sentinel, its approach to a modern SIEM. Working across on-premises and in-cloud infrastructure, it is intended to be easy to set up, low maintenance, and easy to use. By building on cloud-scale data collection and on Microsoft's own threat detection tools, Azure Sentinel can automate response using orchestration across your entire estate. It is software-as-a-service, so it is scalable and you only pay for the resources you use. Its biggest advantage is its support for the Microsoft Security Graph.
Building on the full range of existing Azure services, Azure Sentinel natively incorporates proven foundations such as Log Analytics and Logic Apps. Azure Sentinel enriches your investigation and detection with AI, provides Microsoft's threat intelligence stream, and enables you to bring your own threat intelligence.


Getting started

1- Go into the Azure portal.
2- Click on Create a resource.
3- Search for Azure Sentinel.
4- Click on Create.
5- The Azure Sentinel Workspaces window will open.
6- Click on Create Workspace.
7- Click on the Add button.
8- Enter the required information; in our example I chose "AzureHerosWP".
Azure Sentinel can run on workspaces that are deployed in any of the following regions:
  1. Australia Southeast
  2. Canada Central
  3. Central India
  4. East US
  5. East US 2 EUAP (Canary)
  6. Japan East
  7. Southeast Asia
  8. UK South
  9. West Europe
  10. West US 2
9- Once it is done, we have to connect the data sources.
10- In my case I will connect it to the Azure Virtual Machines that I already have.
11- Click on the desired virtual machine, then click on Connect.
12- Connect the Workspace to Azure Sentinel.
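The same onboarding (steps 4 to 12) can be scripted instead of clicked through, which is what you want once you onboard more than one workspace or VM. The PowerShell script below is an added example and not code from the original post. It assumes the Az PowerShell modules (Az.Accounts, Az.OperationalInsights, Az.Compute, Az.Resources) are installed and you have already run Connect-AzAccount; the resource group name, VM name and region are hypothetical placeholders, and the workspace name is the one used in the walkthrough. The cmdlet and extension names are the ones I know from the Az modules and the Log Analytics agent, and the SecurityInsights solution deployment mirrors the resource the portal creates when you connect a workspace to Sentinel.

```powershell
# Added example: scripted equivalent of steps 4-12 of the walkthrough (not the post's own code).
# Assumes Az.Accounts, Az.OperationalInsights, Az.Compute and Az.Resources are installed
# and Connect-AzAccount has been run. Names below are hypothetical placeholders.
$ResourceGroup = 'AzureHeroes-RG'        # hypothetical resource group
$Location      = 'westeurope'            # must be one of the supported regions listed above
$WorkspaceName = 'AzureHerosWP'          # workspace name from the walkthrough
$VmName        = 'AzureHeroes-VM01'      # hypothetical existing Windows VM in the same resource group

# Steps 4-8: create the Log Analytics workspace that Sentinel runs on.
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup `
        -Name $WorkspaceName -Location $Location -Sku 'PerGB2018'

# Steps 9-11: install the Log Analytics agent on the VM so its events land in the workspace.
# The agent is configured with the workspace ID and one of its shared keys; the key goes in
# ProtectedSettings so it is not readable back from the extension, and it must not be
# committed to source control. (Linux VMs use the OmsAgentForLinux extension instead.)
$keys = Get-AzOperationalInsightsWorkspaceSharedKey -ResourceGroupName $ResourceGroup -Name $WorkspaceName
Set-AzVMExtension -ResourceGroupName $ResourceGroup -VMName $VmName -Location $Location `
    -ExtensionName    'MicrosoftMonitoringAgent' `
    -Publisher        'Microsoft.EnterpriseCloud.Monitoring' `
    -ExtensionType    'MicrosoftMonitoringAgent' `
    -TypeHandlerVersion '1.0' `
    -Settings          @{ workspaceId  = $ws.CustomerId.ToString() } `
    -ProtectedSettings @{ workspaceKey = $keys.PrimarySharedKey }

# Step 12: connect the workspace to Azure Sentinel. In the portal this deploys the
# "SecurityInsights(<workspace>)" solution onto the workspace; the same resource is created here.
$solutionName = "SecurityInsights($WorkspaceName)"
New-AzResource -ResourceGroupName $ResourceGroup -Location $Location `
    -ResourceType 'Microsoft.OperationsManagement/solutions' `
    -ResourceName $solutionName `
    -ApiVersion   '2015-11-01-preview' `
    -Properties   @{ workspaceResourceId = $ws.ResourceId } `
    -PlanObject   @{ name = $solutionName; publisher = 'Microsoft'; product = 'OMSGallery/SecurityInsights'; promotionCode = '' } `
    -Force

# Quick check that the agent is reporting: the Heartbeat table should show the VM within a few minutes.
$check = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId.ToString() `
    -Query "Heartbeat | where Computer startswith '$VmName' | summarize LastSeen = max(TimeGenerated) by Computer"
$check.Results | Format-Table Computer, LastSeen
```

Run the script with an identity that has Contributor on the resource group only; the shared key is a credential for writing into the workspace, so rotate it from the workspace's Agents management blade if it ever ends up in a transcript or log.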
13- From the dashboard itself you can get an analysis of what is happening in your environment. The Fusion technique used here correlates alerts into cases, so you reduce noise and minimize the number of alerts you have to review and investigate.
Use the toolbar to:
  • Get how many events you received over the selected time period
  • Get the alerts that were triggered
  • Get the event status: how many are open, in progress, and closed
Finally, to start hunting:
Create detection rules, then respond to threats by creating a playbook that runs automatically when an alert is triggered (this is configured on the playbook), or run a playbook manually from inside the alert by clicking View playbooks and then selecting a playbook to run.

Ref:
https://docs.microsoft.com/en-us/azure/sentinel/
https://www.techrepublic.com/article/azure-sentinel-microsofts-thoroughly-modern-siem/
1 Comment
Flooring Installation Wisconsin
2/15/2023 03:33:17 am

Thanks for writing this


    Author

    Mohammad Al Rousan is a Microsoft MVP (Azure) and a Microsoft Certified Solution Expert (MCSE) in Cloud Platform, Azure DevOps and Infrastructure, and an active community blogger and speaker. Al Rousan has over 11 years of professional experience in IT infrastructure and is very passionate about Microsoft technologies and products.
