Agenda:
• 12:45 PM – Check-in / Food / Networking
• 1:00 PM – Welcome/Kickoff
• 2:45 PM – Q&A
Facilities:
• Restrooms – out the front door past the elevators to your right
• WiFi
• SSID: MSFTGUEST
• Password: msevent993gx
What are Microsoft Tech Talks?
• Microsoft Tech Talks is a Technical Community event, designed to bring IT
leaders in the local area together at a Microsoft facility, for deep Microsoft-
technology based discussions, and
• An opportunity to network and share with local Microsoft Services
Professionals and other IT professionals.
• A Microsoft Services presenter delivers a technically-rich presentation
covering a product, product feature, or service that Microsoft offers,
• Our presenters are world-class Subject Matter Experts and trusted advisors to
our highly-valued customers.
• Our meetings are a great opportunity to 'ask the experts' questions about
their given field of expertise.
• Subjects vary from session to session and attempt to be at the leading edge,
showcasing our latest features and products available.
• These communities now collectively have over 2500 members that have
joined one of the local meetup groups.
• We are constantly expanding to a region near you, your friends /
colleagues…..
https://aka.ms/mttmap
We are on meetup!!!
• Join Us to keep up to date on our latest events
• https://www.meetup.com/mttutah/
• RSVP Closed does not mean Closed!
• Look for the Microsoft Events sign-up link!
• Tell all your friends / colleagues
• Join our Microsoft Community Site for ALL Tech
Talk Events throughout the country
• PowerPoint Decks are Posted here
• https://aka.ms/MTTCommunity
Survey
https://aka.ms/UtahSurvey
VERY Short…8 questions!
Please be aware that your feedback is extremely valued and
important to us, as in addition to improving the quality of our
events, it helps us to justify the time, effort and money in
hosting, funding and organizing these events.
Azure Security & Sentinel Services
Security: Azure Sentinel – Fundamentals
Security: Azure Security Center – Fundamentals
Security: Cloud App Security
Security: Advanced Threat Detection
Workshop+: Microsoft Azure: Security Best Practices
Introductions
1. Name
• Linda Chapman
2. Role
• Azure Technical Trainer – MS WWL
• Microsoft Certified Trainer - 1996
• Senior Enterprise Architect - 1996
3. Experience
• 33 years experience
• Developer – 7 years
• Infrastructure, Security, Architecture
• Cloud Architect since 2010 Azure & AWS
• Architecture and Migrations – 20 years
• Azure, O365, ASR, CAS, ATP, SQL, Oracle, ServiceNow, VMware, Citrix, AWS
• AZ-300/301, WS-500, DP-200, DP-201, AZ-103, AI-100, M365
Gamer
6Nerds.com
4 Children
4 dogs
7 cats
Utah/Texas
https://www.linkedin.com/in/LindaChapman
https://blogs.technet.microsoft.com/lindachapman/
Security Operations Team
Expanding digital estate
Traditional SOC Challenges
• Too many disconnected products
• High volume of noisy alerts
• Security skills in short supply
• Lack of automation
• Rising infrastructure costs and upfront investment
• IT deployment & maintenance
• Sophistication of threats
Cloud + Artificial Intelligence
Security
Operations Team
Azure Sentinel is a cloud-native SIEM
Introducing Microsoft Azure Sentinel
Azure Sentinel: Cloud-native SIEM + SOAR (Security Orchestration, Automation and Response) for intelligent security analytics for your entire enterprise
• Collect: Security data across your enterprise
• Detect: Threats with vast threat intelligence and AI
• Investigate: Critical incidents guided by AI
• Respond: Rapidly and automate protection
• Limitless cloud speed and scale
• Bring your Office 365 data for Free
• Easy integration with your existing tools
• Faster threat protection with AI by your side
Azure Sentinel – Across Security Center
© Microsoft Corporation Azure
Connectors - https://techcommunity.microsoft.com/t5/Azure-Sentinel/bg-p/AzureSentinelBlog
Azure Sentinel – Cloud Native SIEM + SOAR
Azure Sentinel is a true cloud-native software-as-a-service solution for SIEM + SOAR (security information and event management + security orchestration and automated response) with automatic scalability and no server installation, maintenance, or complex configuration. It lets your SecOps team focus on the most important tasks: defending against threats to your organization.
Microsoft Azure Sentinel is a PaaS service started with ArcSite, using Azure Data Explorer, with LogicApps as its built-in automation engine. It uses Azure Log Analytics, our log platform, in the background for its data.
Focus on security, unburden SecOps from IT tasks
• No infrastructure setup or maintenance
• SIEM Service available in Azure portal
• Scale automatically, put no limits to compute or storage resources
Reduce security and IT costs - Get a cost effective SIEM
• No infrastructure costs, only pay for what you use
• Bring your Office 365 Data for free
• Predictable billing with capacity reservations
• Flexible model, no annual commitments
Traditional: Hardware setup, Maintenance, Software setup
Sentinel: Cloud-native, scalable SIEM
Collect security data at cloud scale from all sources across your enterprise
• Integrate with existing tools & data sources
• Pre-wired integration with Microsoft solutions
• Connectors for many partner solutions
• Standard log format support for all sources
• Proven log platform with more than 10 petabytes of daily ingestion
Optimize for your needs
• Bring your own insights, machine learning models, and threat intelligence
• Tap into our security community to build on detections, threat intelligence, and response automation.
• Bring your own ML Models & Threat Intelligence
• Security Community
Linda Chapman
Live Demo
Azure Sentinel – Data Connectors
Azure Sentinel – Overview Dashboard
Sentinel is backed by Log Analytics Workspace
Sentinel – News & Guides
Sentinel – Threat Management - Incidents
Sentinel – Threat Management - Workbooks
Sentinel – Threat Management - Hunting
Sentinel – Threat Management - Notebooks
Sentinel – Configuration – Data Connectors
Sentinel – Configuration - Analytics
Sentinel – Configuration - Playbooks
Sentinel – Configuration - Community
Sentinel – Configuration - Settings
GitHub
AI by your side
Detect threats and analyze security data quickly with AI
• ML models based on decades of Microsoft security experience and learnings
• Millions of signals filtered to few correlated and prioritized incidents
• Insights based on vast Microsoft threat intelligence and your own TI
• Reduce alert fatigue by up to 90%
Threat Detection and Analysis
• Correlated rules
• User Entity Behavior Analysis integrated with Microsoft 365
• Bring your own ML models
• Pre-built Machine Learning models
Respond rapidly with built-in orchestration and automation
• Build automated and scalable playbooks that integrate across tools
• Security Products
• Ticketing Systems (ServiceNow)
• Additional tools
How it works
Diagram labels: Microsoft Services; Collect; Integrate; Visibility; Data Ingestion; Data Repository; Data Search; Enrichment; Analyze & Detect; Investigate & Hunt; Automate & Orchestrate Response
Investigate threats with AI and hunt suspicious activities at scale
• Get prioritized alerts and automated expert guidance
• Visualize the entire attack and its impact
• Hunt for suspicious activities using pre-built queries and Azure Notebooks
Threat detection, investigation and response
Azure Sentinel
Data store
Automation
User interface
Rules
Machine learning
Search & investigation
On Premises
Other Clouds
& SaaS Apps
Customer’s Tenant
Customer’s
Tenant
Azure Sentinel
(Optional)
Collector
Proxy
Azure Sentinel on-premises
collection options:
1. Agent
2. CEF/Syslog
3. WEF
4. Native Collection
5. Logic Apps
6. Direct API + Logstash
All methods can be applied to
Cloud IaaS.
OS events, DNS, Windows FW, DHCP
agent agent
CEF or Syslog
connector
Syslog (TLS, TCP, UDP)
Branch Office
Auto deployed cloud CEF or Syslog connector
WEF
Connector
HTTPS
WEC
Direct Integration for
supported sources
Azure Sentinel Syslog Collector
(Dedicated Linux VM)
Azure
Azure Sentinel Syslog Collector
(Dedicated VM)
On Prem
Azure Sentinel Syslog Collector
(Dedicated VM)
Azure Sentinel Syslog Collector
(Dedicated Windows VM)
Closing - Get started with Azure Sentinel
To learn more, visit
https://aka.ms/AzureSentinel
Connect
data sources
Start
Microsoft Azure trial
Open Azure Sentinel
dashboard in Azure Portal
Questions and
Answers
Survey
https://aka.ms/UtahSurvey
VERY Short…8 questions!
Please be aware that your feedback is extremely valued and
important to us, as in addition to improving the quality of our
events, it helps us to justify the time, effort and money in
hosting, funding and organizing these events.

More Related Content

Similar to TechTalksUtah-Sentinel-20191108.pptx

Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceVignesh Ganesan I Microsoft MVP
 
Microsoft Security Advice ISSA Slides.pptx
Microsoft Security Advice ISSA Slides.pptxMicrosoft Security Advice ISSA Slides.pptx
Microsoft Security Advice ISSA Slides.pptxMike Brannon
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With AzureSoftchoice Corporation
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreJoel Oleson
 
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...Amazon Web Services
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAmazon Web Services
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on CloudTu Pham
 
Azure Security Center- Zero to Hero
Azure Security Center-  Zero to HeroAzure Security Center-  Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Top Learnings from Azure Security (1).pdf
Top Learnings from Azure Security (1).pdfTop Learnings from Azure Security (1).pdf
Top Learnings from Azure Security (1).pdfinfosec train
 
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...Amazon Web Services
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsFredBrandonAuthorMCP
 

Similar to TechTalksUtah-Sentinel-20191108.pptx (20)

Fundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and ComplianceFundamentals of Microsoft 365 Security , Identity and Compliance
Fundamentals of Microsoft 365 Security , Identity and Compliance
 
Secure the modern Enterprise
Secure the modern EnterpriseSecure the modern Enterprise
Secure the modern Enterprise
 
Microsoft Security Advice ISSA Slides.pptx
Microsoft Security Advice ISSA Slides.pptxMicrosoft Security Advice ISSA Slides.pptx
Microsoft Security Advice ISSA Slides.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure Sentinel
 
Improving Application Security With Azure
Improving Application Security With AzureImproving Application Security With Azure
Improving Application Security With Azure
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
 
Securely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure ScoreSecurely Harden Microsoft 365 with Secure Score
Securely Harden Microsoft 365 with Secure Score
 
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
How to Meet Strict Security & Compliance Requirements in the Cloud (SEC208) |...
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
Azure Security Center
Azure Security CenterAzure Security Center
Azure Security Center
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
 
AWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security ModelAWS Webcast - Understanding the AWS Security Model
AWS Webcast - Understanding the AWS Security Model
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
System Security on Cloud
System Security on CloudSystem Security on Cloud
System Security on Cloud
 
Modern Workplace with Microsoft 365
Modern Workplace with Microsoft 365Modern Workplace with Microsoft 365
Modern Workplace with Microsoft 365
 
Azure Security Center- Zero to Hero
Azure Security Center-  Zero to HeroAzure Security Center-  Zero to Hero
Azure Security Center- Zero to Hero
 
Top Learnings from Azure Security (1).pdf
Top Learnings from Azure Security (1).pdfTop Learnings from Azure Security (1).pdf
Top Learnings from Azure Security (1).pdf
 
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
How Splunk and AWS Enabled End-to-End Visibility for PagerDuty and Bolstered ...
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
 

More from JustineGarcia32

asdsadsadsadasd12121ewqdasdsadsadsadsadsads
asdsadsadsadasd12121ewqdasdsadsadsadsadsadsasdsadsadsadasd12121ewqdasdsadsadsadsadsads
asdsadsadsadasd12121ewqdasdsadsadsadsadsadsJustineGarcia32
 
dsadsadsadassfasfadsadsaddas1321312.pptx
dsadsadsadassfasfadsadsaddas1321312.pptxdsadsadsadassfasfadsadsaddas1321312.pptx
dsadsadsadassfasfadsadsaddas1321312.pptxJustineGarcia32
 
SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxJustineGarcia32
 
adadadadadsdasadasdasdasdasdasdsadsaada.pptx
adadadadadsdasadasdasdasdasdasdsadsaada.pptxadadadadadsdasadasdasdasdasdasdsadsaada.pptx
adadadadadsdasadasdasdasdasdasdsadsaada.pptxJustineGarcia32
 
ADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQD
ADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQDADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQD
ADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQDJustineGarcia32
 
QEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQ
QEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQQEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQ
QEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQJustineGarcia32
 
QEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAF
QEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAFQEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAF
QEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAFJustineGarcia32
 

More from JustineGarcia32 (7)

asdsadsadsadasd12121ewqdasdsadsadsadsadsads
asdsadsadsadasd12121ewqdasdsadsadsadsadsadsasdsadsadsadasd12121ewqdasdsadsadsadsadsads
asdsadsadsadasd12121ewqdasdsadsadsadsadsads
 
dsadsadsadassfasfadsadsaddas1321312.pptx
dsadsadsadassfasfadsadsaddas1321312.pptxdsadsadsadassfasfadsadsaddas1321312.pptx
dsadsadsadassfasfadsadsaddas1321312.pptx
 
SQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptxSQL Server on Azure VM datasheet.dsadaspptx
SQL Server on Azure VM datasheet.dsadaspptx
 
adadadadadsdasadasdasdasdasdasdsadsaada.pptx
adadadadadsdasadasdasdasdasdasdsadsaada.pptxadadadadadsdasadasdasdasdasdasdsadsaada.pptx
adadadadadsdasadasdasdasdasdasdsadsaada.pptx
 
ADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQD
ADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQDADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQD
ADADDSFADSADSADSADWQDWQDWQDWQDQDWQDWQDWQD
 
QEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQ
QEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQQEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQ
QEWRRTTSADSADADADASDWQDWQDWDQWDWQDQDWQDWQDWQ
 
QEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAF
QEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAFQEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAF
QEWWADWDSADSACSACSADSAFASFAFSAFASFASFASFSAF
 

Recently uploaded

9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi Ncr
9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi Ncr9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi Ncr
9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi NcrSapana Sha
 
Karachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in KarachiKarachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in KarachiAyesha Khan
 
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call GirlsFaridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
Mandi House Call Girls : ☎ 8527673949, Low rate Call Girls
Mandi House Call Girls : ☎ 8527673949, Low rate Call GirlsMandi House Call Girls : ☎ 8527673949, Low rate Call Girls
Mandi House Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call GirlsPragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
Retail Store Scavanger Hunt - Foundation College Park
Retail Store Scavanger Hunt - Foundation College ParkRetail Store Scavanger Hunt - Foundation College Park
Retail Store Scavanger Hunt - Foundation College Parkjosebenzaquen
 
Call Girls in Islamabad | 03274100048 | Call Girl Service
Call Girls in Islamabad | 03274100048 | Call Girl ServiceCall Girls in Islamabad | 03274100048 | Call Girl Service
Call Girls in Islamabad | 03274100048 | Call Girl ServiceAyesha Khan
 
FULL ENJOY - 9953040155 Call Girls in Gtb Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gtb Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Gtb Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gtb Nagar | DelhiMalviyaNagarCallGirl
 
Bare And Wild Creation, Curio Shop, Tucumcari NM
Bare And Wild Creation, Curio Shop, Tucumcari NMBare And Wild Creation, Curio Shop, Tucumcari NM
Bare And Wild Creation, Curio Shop, Tucumcari NMroute66connected
 
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 60009654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000Sapana Sha
 
Karol Bagh Call Girls : ☎ 8527673949, Low rate Call Girls
Karol Bagh Call Girls : ☎ 8527673949, Low rate Call GirlsKarol Bagh Call Girls : ☎ 8527673949, Low rate Call Girls
Karol Bagh Call Girls : ☎ 8527673949, Low rate Call Girlsashishs7044
 
FULL ENJOY - 9953040155 Call Girls in Moti Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Moti Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Moti Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Moti Nagar | DelhiMalviyaNagarCallGirl
 
San Jon Motel, Motel/Residence, San Jon NM
San Jon Motel, Motel/Residence, San Jon NMSan Jon Motel, Motel/Residence, San Jon NM
San Jon Motel, Motel/Residence, San Jon NMroute66connected
 
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | DelhiMalviyaNagarCallGirl
 
Strip Zagor Extra 322 - Dva ortaka.pdf
Strip   Zagor Extra 322 - Dva ortaka.pdfStrip   Zagor Extra 322 - Dva ortaka.pdf
Strip Zagor Extra 322 - Dva ortaka.pdfStripovizijacom
 
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | DelhiFULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | DelhiMalviyaNagarCallGirl
 
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in DowntownDowntown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtowndajasot375
 
FULL ENJOY - 9953040155 Call Girls in Karol Bagh | Delhi
FULL ENJOY - 9953040155 Call Girls in Karol Bagh | DelhiFULL ENJOY - 9953040155 Call Girls in Karol Bagh | Delhi
FULL ENJOY - 9953040155 Call Girls in Karol Bagh | DelhiMalviyaNagarCallGirl
 
8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Available
8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Available8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Available
8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Availabledollysharma2066
 
Akola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service AkolaAkola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service Akolasrsj9000
 

Recently uploaded (20)

9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi Ncr
9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi Ncr9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi Ncr
9654467111 Full Enjoy @24/7 Call Girls In Saket Delhi Ncr
 
Karachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in KarachiKarachi Escorts | +923070433345 | Escort Service in Karachi
Karachi Escorts | +923070433345 | Escort Service in Karachi
 
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call GirlsFaridabad Call Girls : ☎ 8527673949, Low rate Call Girls
Faridabad Call Girls : ☎ 8527673949, Low rate Call Girls
 
Mandi House Call Girls : ☎ 8527673949, Low rate Call Girls
Mandi House Call Girls : ☎ 8527673949, Low rate Call GirlsMandi House Call Girls : ☎ 8527673949, Low rate Call Girls
Mandi House Call Girls : ☎ 8527673949, Low rate Call Girls
 
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call GirlsPragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
Pragati Maidan Call Girls : ☎ 8527673949, Low rate Call Girls
 
Retail Store Scavanger Hunt - Foundation College Park
Retail Store Scavanger Hunt - Foundation College ParkRetail Store Scavanger Hunt - Foundation College Park
Retail Store Scavanger Hunt - Foundation College Park
 
Call Girls in Islamabad | 03274100048 | Call Girl Service
Call Girls in Islamabad | 03274100048 | Call Girl ServiceCall Girls in Islamabad | 03274100048 | Call Girl Service
Call Girls in Islamabad | 03274100048 | Call Girl Service
 
FULL ENJOY - 9953040155 Call Girls in Gtb Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gtb Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Gtb Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gtb Nagar | Delhi
 
Bare And Wild Creation, Curio Shop, Tucumcari NM
Bare And Wild Creation, Curio Shop, Tucumcari NMBare And Wild Creation, Curio Shop, Tucumcari NM
Bare And Wild Creation, Curio Shop, Tucumcari NM
 
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 60009654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
9654467111 Call Girls In Noida Sector 62 Short 1500 Night 6000
 
Karol Bagh Call Girls : ☎ 8527673949, Low rate Call Girls
Karol Bagh Call Girls : ☎ 8527673949, Low rate Call GirlsKarol Bagh Call Girls : ☎ 8527673949, Low rate Call Girls
Karol Bagh Call Girls : ☎ 8527673949, Low rate Call Girls
 
FULL ENJOY - 9953040155 Call Girls in Moti Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Moti Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Moti Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Moti Nagar | Delhi
 
San Jon Motel, Motel/Residence, San Jon NM
San Jon Motel, Motel/Residence, San Jon NMSan Jon Motel, Motel/Residence, San Jon NM
San Jon Motel, Motel/Residence, San Jon NM
 
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | DelhiFULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
FULL ENJOY - 9953040155 Call Girls in Laxmi Nagar | Delhi
 
Strip Zagor Extra 322 - Dva ortaka.pdf
Strip   Zagor Extra 322 - Dva ortaka.pdfStrip   Zagor Extra 322 - Dva ortaka.pdf
Strip Zagor Extra 322 - Dva ortaka.pdf
 
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | DelhiFULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
FULL ENJOY - 9953040155 Call Girls in Gandhi Vihar | Delhi
 
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in DowntownDowntown Call Girls O5O91O128O Pakistani Call Girls in Downtown
Downtown Call Girls O5O91O128O Pakistani Call Girls in Downtown
 
FULL ENJOY - 9953040155 Call Girls in Karol Bagh | Delhi
FULL ENJOY - 9953040155 Call Girls in Karol Bagh | DelhiFULL ENJOY - 9953040155 Call Girls in Karol Bagh | Delhi
FULL ENJOY - 9953040155 Call Girls in Karol Bagh | Delhi
 
8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Available
8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Available8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Available
8377087607, Door Step Call Girls In Gaur City (NOIDA) 24/7 Available
 
Akola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service AkolaAkola Call Girls #9907093804 Contact Number Escorts Service Akola
Akola Call Girls #9907093804 Contact Number Escorts Service Akola
 

TechTalksUtah-Sentinel-20191108.pptx

  • 1.
  • 2. • 12:45 PM – Check-in / Food /Networking • 1:00 PM– Welcome/Kickoff • 2:45 PM – Q&A Agenda:
  • 3. • Restrooms – out the front door past the elevators to your right • WiFi • SSID: MSFTGUEST • Password: msevent993gx Facilities:
  • 4. What are Microsoft Tech Talks? • Microsoft Tech Talks is a Technical Community event, designed to bring IT leaders in the local area together at a Microsoft facility, for deep Microsoft- technology based discussions, and • An opportunity to network and share with local Microsoft Services Professionals and other IT professionals. • A Microsoft Services presenter delivers a technically-rich presentation covering a product, product feature, or service that Microsoft offers, • Our presenters are world-class Subject Matter Experts and trusted advisors to our highly-valued customers. • Our meetings are a great opportunity to 'ask the experts' questions about their given field of expertise. • Subjects vary from session to session and attempt to be at the leading edge, showcasing our latest features and products available. • These communities now collectively have over 2500 members that have joined one of the local meetup groups. • We are constantly expanding to a region near you, your friends / colleagues….. https://aka.ms/mttmap
  • 5. We are on meetup!!! • Join Us to keep up to date on our latest events • https://www.meetup.com/mttutah/ • RSVP Closed does not mean Closed! • Look for the Microsoft Events sign-up link! • Tell all your friends / colleagues • Join our Microsoft Community Site for ALL Tech Talk Events throughout the country • PowerPoint Decks are Posted here • https://aka.ms/MTTCommunity
  • 6. Survey https://aka.ms/UtahSurvey VERY Short…8 questions! Please be aware that your feedback is extremely valued and important to us, as in addition to improving the quality of our events, it helps us to justify the time, effort and money in hosting, funding and organizing these events.
  • 7. Azure Security & Sentinel Services Security: Azure Sentinel – Fundamentals Security: Azure Security Center – Fundamentals Security: Cloud App Security Security: Advanced Threat Detection Workshop+: Microsoft Azure: Security Best Practices
  • 8.
  • 9. Introductions 1. Name • Linda Chapman 2. Role • Azure Technical Trainer – MS WWL • Microsoft Certified Trainer - 1996 • Senior Enterprise Architect - 1996 3. Experience • 33 years experience • Developer – 7 years • Infrastructure, Security, Architecture • Cloud Architect since 2010 Azure & AWS  Architecture and Migrations – 20 years  Azure, O365, ASR, CAS, ATP, SQL, Oracle, ServiceNow, VMware, Citrix, AWS  AZ-300/301, WS-500, DP-200, DP-201, AZ- 103, AI-100, M365 Gamer 6Nerds.com 4 Children 4 dogs 7 cats Utah/Texas https://www.linkedin.com/in/LindaChapman https://blogs.technet.microsoft.com/lindachapman/
  • 11. Traditional SOC Challenges • Too many disconnected products • High volume of noisy alerts • Security skills in short supply • Lack of automation • Rising infrastructure costs and upfront investment • IT deployment & maintenance • Sophistication of threats
  • 12. Cloud + Artificial Intelligence Security Operations Team Azure Sentinel is a cloud-native SIEM
  • 13. Introducing Microsoft Azure Sentinel: cloud-native SIEM + SOAR (Security Orchestration, Automation and Response) for intelligent security analytics for your entire enterprise • Collect: security data across your enterprise • Detect: threats with vast threat intelligence and AI • Investigate: critical incidents guided by AI • Respond: rapidly and automate protection • Limitless cloud speed and scale • Bring your Office 365 data for free • Easy integration with your existing tools • Faster threat protection with AI by your side
  • 14. Azure Sentinel – Across Security Center © Microsoft Corporation Azure
  • 16. Azure Sentinel – Cloud Native SIEM + SOAR Azure Sentinel is a true cloud-native software-as-a-service solution for SIEM + SOAR (security information and event management + security orchestration and automated response) with automatic scalability and no server installation, maintenance, or complex configuration. It lets your SecOps team focus on the most important tasks: defending against threats to your organization. Microsoft Azure Sentinel is a PaaS service, started with ArcSite, that uses Azure Data Explorer and uses Logic Apps as its built-in automation engine. It uses Azure Log Analytics, our log platform, in the background for its data.
  • 17. Focus on security, unburden SecOps from IT tasks • No infrastructure setup or maintenance • SIEM Service available in Azure portal • Scale automatically, put no limits to compute or storage resources
  • 18. Reduce security and IT costs: get a cost-effective SIEM • No infrastructure costs, only pay for what you use • Bring your Office 365 data for free • Predictable billing with capacity reservations • Flexible model, no annual commitments • Traditional: hardware setup, maintenance, software setup • Sentinel: cloud-native, scalable SIEM
  • 20. Collect security data at cloud scale from all sources across your enterprise • Pre-wired integration with Microsoft solutions • Connectors for many partner solutions • Standard log format support for all sources • Proven log platform with more than 10 petabytes of daily ingestion
  • 21. Optimize for your needs • Bring your own ML Models & Threat Intelligence: bring your own insights, machine learning models, and threat intelligence • Security Community: tap into our security community to build on detections, threat intelligence, and response automation.
  • 22. Linda Chapman Live Demo
  • 23. Azure Sentinel – Data Connectors
  • 24. Azure Sentinel – Data Connectors
  • 25. Azure Sentinel – Overview Dashboard
  • 26. Sentinel is backed by Log Analytics Workspace
  • 27. Sentinel – News & Guides
  • 28. Sentinel – Threat Management - Incidents
  • 29. Sentinel – Threat Management - Workbooks
  • 30. Sentinel – Threat Management - Hunting
  • 31. Sentinel – Threat Management - Notebooks
  • 32. Sentinel – Configuration – Data Connectors
  • 33. Sentinel – Configuration - Analytics
  • 34. Sentinel – Configuration - Playbooks
  • 35. Sentinel – Configuration - Community
  • 36. Sentinel – Configuration - Settings
  • 38. AI by your side
  • 39. Detect threats and analyze security data quickly with AI • ML models based on decades of Microsoft security experience and learnings • Millions of signals filtered to few correlated and prioritized incidents • Insights based on vast Microsoft threat intelligence and your own TI • Reduce alert fatigue by up to 90% • Threat Detection and Analysis: Correlated rules; User Entity Behavior Analysis integrated with Microsoft 365; Bring your own ML models; Pre-built Machine Learning models
  • 40. Respond rapidly with built-in orchestration and automation • Build automated and scalable playbooks that integrate across tools: Security Products; Ticketing Systems (ServiceNow); Additional tools
  • 41. How it works (diagram labels): Microsoft Services; Analyze & Detect; Investigate & Hunt; Automate & Orchestrate Response; Visibility; Data Ingestion; Data Repository; Data Search; Enrichment; Integrate; Collect
  • 42. Investigate threats with AI and hunt suspicious activities at scale • Get prioritized alerts and automated expert guidance • Visualize the entire attack and its impact • Hunt for suspicious activities using pre-built queries and Azure Notebooks
  • 43. Threat detection, investigation and response
  • 44. Azure Sentinel Data store Automation User interface Rules Machine learning Search & investigation On Premises Other Clouds & SaaS Apps Customer’s Tenant
  • 45. Azure Sentinel on-premises collection options: 1. Agent 2. CEF/Syslog 3. WEF 4. Native Collection 5. Logic Apps 6. Direct API + Logstash. All methods can be applied to Cloud IaaS. Diagram labels: Customer’s Tenant; Azure Sentinel; (Optional) Collector Proxy; OS events, DNS, Windows FW, DHCP; agent; CEF or Syslog connector; Syslog (TLS, TCP, UDP); Branch Office; Auto deployed cloud CEF or Syslog connector; WEF Connector; HTTPS; WEC; Direct Integration for supported sources
  • 48. Azure Sentinel Syslog Collector (Dedicated Linux VM)
  • 49. Azure Azure Sentinel Syslog Collector (Dedicated VM)
  • 50. On Prem Azure Sentinel Syslog Collector (Dedicated VM)
  • 51. Azure Sentinel Syslog Collector (Dedicated Windows VM)
  • 52. Closing - Get started with Azure Sentinel To learn more, visit https://aka.ms/AzureSentinel Connect data sources Start Microsoft Azure trial Open Azure Sentinel dashboard in Azure Portal