SlideShare a Scribd company logo

Azure Sentinel Level 400 Technical Overview

F
FadhilMuhammad80

Azure Sentinel L400 Ninja

Technology
1 of 40
Download to read offline
Azure Sentinel Level 400 Module 1 Technical Overview
Overview • In this module you will learn What Azure Sentinel is, its key advantages and core features. Pre- requisites • None. Start here.
A cloud SIEM For the Cloud And for on premises
Cloud + Artificial Intelligence Security Operations Team
Uses AI and automation to improve effectiveness Scales to support your growing digital estate Delivers instant value to your defenders
• Auto-scales • Easy collection from cloud sources • Avoid sending cloud telemetry downstream • Key log sources are free No brainer Advantages • DevOps deployment and enforcement • Distributed • Cloud native-schema But there is more! A SIEM native to the cloud
Microsoft Security Advantage ▪ $1B ▪ 3500+ ▪ Trillions of
Analytics Detect Collect Incidents Automation Visibility Hunting Investigate Respond
Collection
Azure Sentinel Data store Automation User interface Rules Machine learning Search & investigation On Premises AWS, Other Clouds & SaaS Apps Customer’s Tenant Collect security data at cloud scale from any source
(Optional) Collector Proxy OS events, DNS, Windows FW, DHCP agent agent CEF or Syslog connector Syslog (TLS, TCP, UDP) Branch Office CEF/Syslog connector WEF Connector HTTPS WEC Logstash Custom Connectors
The Syslog and CEF grand list Collecting logs from Microsoft Services & Apps The Agent: Collecting from on-prem and IaaS server Custom Connectors
Visualization
Choose from a gallery of workbooks Customize or create your own workbooks using queries Take advantage of rich visualization options Gain insight into one or more data sources
Analytics
Choose from more than 100 built-in analytics rules Customize and create your own rules using KQL queries Correlate events with your threat intelligence and now with Microsoft URL intelligence Trigger automated playbooks
Use built–in models – no ML experience required Detects anomalies using transferred learning Fuses data sources to detect threats that span the kill chain Simply connect your data and learning begins Bring your own ML models (coming soon)
Incidents
Use incident to collect related alerts, events, and bookmarks Manage assignments and track status Add tags and comments Integrate with your ticketing system
Navigate the relationships between related alerts, bookmarks, and entities Expand the scope using exploration queries View a timeline of related alerts, events, and bookmarks Gain deep insights into related entities – users, domains, and more
Configure URL Entities in analytics rules Automatically trigger URL detonation Enrich alerts with Verdicts, Final URLs and Screen Shots (e.g. for phishing sites)
Hunting
Run built-in threat hunting queries - no prior query experience required Customize and create your own hunting queries using KQL Integrate hunting and investigations
Search using free text or fields Tabulate your data Visualize query results Automatically detect and plot anomalies in data
Bookmark notable data Start an investigation from a bookmark or add to an existing incident Monitor a live stream of new threat related activity
Run in the Azure cloud Save as sharable HTML/JSON Query Azure Sentinel data Bring external data sources Use your language of choice - Python, SQL, KQL, R, …
Automation
Build automated and scalable playbooks that integrate across tools Choose from a library of samples Create your own playbooks using 200+ built-in connectors Trigger a playbook from an alert or incident investigation
Assign an Incident to an Analyst Open a Ticket (ServiceNow/Jira) Keep Incident Status in Sync Post in a Teams or Slack Channel Incident Management Lookup Geo for an IP Trigger Defender ATP Investigation Send Validation Email to User Enrichment + Investigation Block an IP Address Block User Access Trigger Conditional Access Isolate Machine Remediation
To learn more, visit https://aka.ms/AzureSentinel Create Azure Sentinel instance Connect data sources Start Microsoft Azure trial
Webinars Tech Blogs Tech Community User Voice Github AzureSentinel@microsoft.com

Recommended

Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365Cheah Eng Soon
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...azuredayit
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinelAdam Ochs
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelSamik Roy
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinelMarius Sandbu
 

Recommended

Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365Cheah Eng Soon
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat respon...azuredayit
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinelAdam Ochs
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelSamik Roy
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinelMarius Sandbu
 
Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Sumo Logic
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 
Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips Mario Worwell
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxJustineGarcia32
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
FireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudFireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudAmazon Web Services
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoTAmazon Web Services
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_SentinelMike Mihm
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security OverviewDavid J Rosenthal
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterMicrosoft
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessToni de la Fuente
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best PracticesAmazon Web Services
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...Amazon Web Services
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best PracticesAmazon Web Services
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 

More Related Content

Similar to Azure Sentinel Level 400 Technical Overview

Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Sumo Logic
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 
Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips Mario Worwell
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAmazon Web Services
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxJustineGarcia32
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseSplunk
 
FireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudFireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudAmazon Web Services
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_SentinelMike Mihm
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security CenterMicrosoft
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessToni de la Fuente
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureQualys
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...Amazon Web Services
 

Similar to Azure Sentinel Level 400 Technical Overview (20)

Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018Security Certification: Security Analytics using Sumo Logic - Oct 2018
Security Certification: Security Analytics using Sumo Logic - Oct 2018
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck
 
Sumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security AnalyticsSumo Logic Cert Jam - Security Analytics
Sumo Logic Cert Jam - Security Analytics
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 
An Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the CloudAn Evolving Security Landscape – Security Patterns in the Cloud
An Evolving Security Landscape – Security Patterns in the Cloud
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
 
Getting Started with Splunk Enterprise
Getting Started with Splunk EnterpriseGetting Started with Splunk Enterprise
Getting Started with Splunk Enterprise
 
FireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the CloudFireEye: Seamless Visibility and Detection for the Cloud
FireEye: Seamless Visibility and Detection for the Cloud
 
Getting Started with AWS IoT
Getting Started with AWS IoTGetting Started with AWS IoT
Getting Started with AWS IoT
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptx
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS Security
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_Sentinel
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics ReadinessAlabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
Alabama CyberNow 2018: Cloud Hardening and Digital Forensics Readiness
 
Securing Your Public Cloud Infrastructure
Securing Your Public Cloud InfrastructureSecuring Your Public Cloud Infrastructure
Securing Your Public Cloud Infrastructure
 
Security Best Practices
Security Best PracticesSecurity Best Practices
Security Best Practices
 
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
AWS re:Invent 2016: 5 Security Automation Improvements You Can Make by Using ...
 
9 Security Best Practices
9 Security Best Practices9 Security Best Practices
9 Security Best Practices
 

Recently uploaded

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Azure Sentinel Level 400 Technical Overview

  • 1. Azure Sentinel Level 400 Module 1 Technical Overview
  • 2.
  • 3. Overview • In this module you will learn What Azure Sentinel is, its key advantages and core features. Pre- requisites • None. Start here.
  • 4. A cloud SIEM For the Cloud And for on premises
  • 5. Cloud + Artificial Intelligence Security Operations Team
  • 6. Uses AI and automation to improve effectiveness Scales to support your growing digital estate Delivers instant value to your defenders
  • 7. • Auto-scales • Easy collection from cloud sources • Avoid sending cloud telemetry downstream • Key log sources are free No brainer Advantages • DevOps deployment and enforcement • Distributed • Cloud native-schema But there is more! A SIEM native to the cloud
  • 8. Microsoft Security Advantage ▪ $1B ▪ 3500+ ▪ Trillions of
  • 10.
  • 12. Azure Sentinel Data store Automation User interface Rules Machine learning Search & investigation On Premises AWS, Other Clouds & SaaS Apps Customer’s Tenant Collect security data at cloud scale from any source
  • 13. (Optional) Collector Proxy OS events, DNS, Windows FW, DHCP agent agent CEF or Syslog connector Syslog (TLS, TCP, UDP) Branch Office CEF/Syslog connector WEF Connector HTTPS WEC Logstash Custom Connectors
  • 14. The Syslog and CEF grand list Collecting logs from Microsoft Services & Apps The Agent: Collecting from on-prem and IaaS server Custom Connectors
  • 16. Choose from a gallery of workbooks Customize or create your own workbooks using queries Take advantage of rich visualization options Gain insight into one or more data sources
  • 17.
  • 18.
  • 19.
  • 21. Choose from more than 100 built-in analytics rules Customize and create your own rules using KQL queries Correlate events with your threat intelligence and now with Microsoft URL intelligence Trigger automated playbooks
  • 22. Use built–in models – no ML experience required Detects anomalies using transferred learning Fuses data sources to detect threats that span the kill chain Simply connect your data and learning begins Bring your own ML models (coming soon)
  • 24. Use incident to collect related alerts, events, and bookmarks Manage assignments and track status Add tags and comments Integrate with your ticketing system
  • 25. Navigate the relationships between related alerts, bookmarks, and entities Expand the scope using exploration queries View a timeline of related alerts, events, and bookmarks Gain deep insights into related entities – users, domains, and more
  • 26. Configure URL Entities in analytics rules Automatically trigger URL detonation Enrich alerts with Verdicts, Final URLs and Screen Shots (e.g. for phishing sites)
  • 28. Run built-in threat hunting queries - no prior query experience required Customize and create your own hunting queries using KQL Integrate hunting and investigations
  • 29.
  • 30. Search using free text or fields Tabulate your data Visualize query results Automatically detect and plot anomalies in data
  • 31.
  • 32.
  • 33. Bookmark notable data Start an investigation from a bookmark or add to an existing incident Monitor a live stream of new threat related activity
  • 34. Run in the Azure cloud Save as sharable HTML/JSON Query Azure Sentinel data Bring external data sources Use your language of choice - Python, SQL, KQL, R, …
  • 36. Build automated and scalable playbooks that integrate across tools Choose from a library of samples Create your own playbooks using 200+ built-in connectors Trigger a playbook from an alert or incident investigation
  • 37.
  • 38. Assign an Incident to an Analyst Open a Ticket (ServiceNow/Jira) Keep Incident Status in Sync Post in a Teams or Slack Channel Incident Management Lookup Geo for an IP Trigger Defender ATP Investigation Send Validation Email to User Enrichment + Investigation Block an IP Address Block User Access Trigger Conditional Access Isolate Machine Remediation
  • 39. To learn more, visit https://aka.ms/AzureSentinel Create Azure Sentinel instance Connect data sources Start Microsoft Azure trial
  • 40. Webinars Tech Blogs Tech Community User Voice Github AzureSentinel@microsoft.com