Microsoft Sentinel - a cloud-native SIEM & SOAR
Knowledge Sharing Session
By
Kranthi Aragonda
Privileged & Confidential |©2022, Network Intelligence. All Rights Reserved
Agenda:
• What is SOAR
• Important SOAR capabilities
• Benefits & Drawbacks
• SIEM vs SOAR
• Microsoft Sentinel
• Data Connectors
• Workbooks
• Analytics
• Security automation & orchestration
• Investigation
• Hunting
• Notebooks
• Resources & Certifications
What is SOAR
• SOAR is a stack of compatible software programs that enables an organization to collect data about security threats and respond to
security events without human assistance. SOAR platforms have three main components: security orchestration, security automation
and security response.
• The goal of using a SOAR platform is to improve the efficiency of physical and digital security operations.
Important SOAR capabilities
• Security incident response platforms, which include capabilities such as vulnerability management, case management, incident
management, workflows, incident knowledge base, auditing and logging capabilities, reporting and more;
• Security orchestration and automation, which include integrations, workflow automation, playbooks, playbook management, data
gathering, log analysis and account lifecycle management; and
• Threat intelligence platforms, which include threat intelligence aggregation, analysis and distribution, alert context enrichment and
threat intelligence visualization.
Benefits & drawbacks of SOAR tool
• SOAR is not a replacement for other security tools, but rather is a complementary technology. SOAR platforms are also not a
replacement for human analysts, but instead augment their skills and workflows for more effective incident detection and response.
Benefits:
• Faster incident detection.
• Better threat context.
• Simplified management.
• Boosting analysts’ productivity.
Drawbacks:
• Failure to remediate a broader security strategy.
• Conflated expectations.
• Deployment and management complexity.
• Lack of or limited metrics.
SIEM vs SOAR
SIEM:
• SIEM systems collect data, identify deviations, rank threats and generate alerts.
• SIEM systems only alert security analysts of a potential event.
SOAR:
• SOAR systems also handle these tasks but have additional capabilities.
• First, SOAR platforms integrate with a wider range of internal and external applications, both security and non-security.
• Second, SOAR platforms use automation, AI and machine learning to provide greater context and automated responses to those threats.
Microsoft Sentinel
• Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration,
automation, and response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across
the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.
• Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
• Respond to incidents rapidly with built-in orchestration and automation of common tasks.
• Detect previously undetected threats and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
• Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
Data Connectors
• Microsoft Sentinel comes with several connectors for Microsoft solutions, available out of the box and providing real-time integration,
including Microsoft 365 Defender solutions and Microsoft 365 sources such as Office 365, Azure AD, Microsoft Defender for Identity,
Microsoft Defender for Cloud Apps, and more.
• In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions. You can also use Common
Event Format (CEF), Syslog or a REST API to connect your data sources with Microsoft Sentinel.
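The REST API route mentioned above is the Azure Monitor HTTP Data Collector API, which accepts a JSON batch signed with the workspace's shared key and lands it in a custom table (Sentinel appends _CL to the Log-Type name). The following is an added example, not code from this deck or from Microsoft: it builds the signed request so you can see exactly what is on the wire. The workspace ID, shared key and the FirewallAudit records are constructed placeholders; only the signing scheme, header names and API version are taken from the documented API.

```python
"""Build a signed request for the Azure Monitor HTTP Data Collector API.

Added example (not from the deck or from Microsoft). Credentials below are
constructed placeholders; the signing scheme is the documented one:
  Authorization: SharedKey <workspaceId>:<base64(HMAC-SHA256(key, stringToSign))>
"""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"
CONTENT_TYPE = "application/json"

# Placeholder credentials (constructed). A real shared key is the base64 string
# shown on the workspace's "Agents management" blade, never one built like this.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"placeholder-shared-key-not-a-real-secret").decode()


def string_to_sign(method: str, content_length: int, rfc1123_date: str) -> str:
    """Canonical string the API expects to be HMAC-signed (method, length, type, date, resource)."""
    return (
        f"{method}\n{content_length}\n{CONTENT_TYPE}\n"
        f"x-ms-date:{rfc1123_date}\n{RESOURCE}"
    )


def build_signature(workspace_id: str, shared_key: str, rfc1123_date: str,
                    content_length: int, method: str = "POST") -> str:
    """Return the Authorization header value for one request."""
    key = base64.b64decode(shared_key)          # the shared key is base64 on the portal
    message = string_to_sign(method, content_length, rfc1123_date).encode("utf-8")
    digest = hmac.new(key, message, hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(workspace_id: str, shared_key: str, log_type: str, records: list,
                  rfc1123_date: str = None):
    """Assemble URL, headers and JSON body for one batch of records.

    `log_type` becomes the custom table name; `time-generated-field` tells the
    workspace which JSON field carries the event time (otherwise ingestion time is used).
    """
    if rfc1123_date is None:
        rfc1123_date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(records).encode("utf-8")
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": build_signature(workspace_id, shared_key, rfc1123_date, len(body)),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
        "time-generated-field": "TimeGenerated",
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version={API_VERSION}"
    return url, headers, body


def send(url: str, headers: dict, body: bytes) -> int:
    """POST the batch and return the HTTP status (200 means accepted). Needs network access."""
    import urllib.request
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


# Constructed sample records from a fictitious appliance.
SAMPLE_RECORDS = [
    {"TimeGenerated": "2022-06-01T10:15:00Z", "SourceIp": "203.0.113.7", "Action": "deny", "Rule": "geo-block"},
    {"TimeGenerated": "2022-06-01T10:15:02Z", "SourceIp": "198.51.100.4", "Action": "allow", "Rule": "vpn"},
]

if __name__ == "__main__":
    url, headers, body = build_request(WORKSPACE_ID, SHARED_KEY, "FirewallAudit", SAMPLE_RECORDS)
    print(url)
    print(headers["Authorization"])
    # send(url, headers, body)   # only with real workspace credentials
```

Because the signature covers the body length and the x-ms-date header, a replayed or altered batch fails validation on the workspace side; the shared key itself never leaves the sender, so it belongs in a key vault or secret store rather than in source like this placeholder.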
Workbooks
• We can monitor the data using the Microsoft Sentinel integration with Azure Monitor Workbooks, which provides
versatility in creating custom workbooks.
• Microsoft Sentinel Workbooks allow security analysts and admins to view data about security in their environment using graphical
displays.
Analytics
• Microsoft Sentinel uses analytics to correlate alerts into incidents. Incidents are groups of related alerts that together create an
actionable possible threat that you can investigate and resolve.
• Detect previously undetected threats and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
Security automation & orchestration
• Automate common tasks and simplify security orchestration with playbooks that integrate with Azure services and
existing tools.
• Playbooks are intended for SOC engineers and analysts of all tiers, to automate and simplify tasks including data
ingestion, enrichment, investigation, and remediation.
Sample Playbook
Investigation
Microsoft Sentinel's deep investigation tools help to understand the scope of a potential security threat and find its root cause. We can
choose an entity on the interactive graph, ask interesting questions about that specific entity, and drill down into the entity and its
connections to get to the root cause of the threat.
Hunting
• Microsoft Sentinel's hunting search-and-query tools, based on the MITRE framework, enable us to proactively hunt
for security threats across the organization's data sources before an alert is triggered.
• After discovering which hunting query provides high-value insights into possible attacks, we can create custom detection
rules based on that query and surface those insights as alerts to security incident responders.
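The two steps described in the Hunting and Analytics slides, a hunting query promoted to a detection rule and the resulting alerts correlated into incidents by shared entities, are shown below in one added example. This is not code from the deck or from Microsoft: Sentinel expresses rules in KQL and does the grouping server-side, whereas this Python re-creates the logic over constructed SigninLogs-style records so the mechanics are visible. The records, the thresholds, the threat-intelligence list and the ATT&CK technique mapping (T1110 for the brute-force rule, T1078 for the TI-IP rule) are my assumptions; ResultType 50126 is Azure AD's invalid-credentials code and 0 is success.

```python
"""Added example (not from the deck): hunting rules turned into detections,
then entity-based alert-to-incident correlation.

All records, thresholds and MITRE mappings are constructed for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sign-in records shaped like Sentinel's SigninLogs table.
# ResultType "50126" = invalid username or password; "0" = success.
SIGNIN_LOGS = [
    {"TimeGenerated": "2022-06-01T10:00:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2022-06-01T10:00:30Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2022-06-01T10:01:00Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2022-06-01T10:01:40Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "0"},
    {"TimeGenerated": "2022-06-01T10:05:00Z", "UserPrincipalName": "bob@contoso.example",   "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2022-06-01T10:05:20Z", "UserPrincipalName": "bob@contoso.example",   "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2022-06-01T10:05:40Z", "UserPrincipalName": "bob@contoso.example",   "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2022-06-01T10:06:00Z", "UserPrincipalName": "bob@contoso.example",   "IPAddress": "203.0.113.7", "ResultType": "0"},
    {"TimeGenerated": "2022-06-01T11:00:00Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "198.51.100.4", "ResultType": "50126"},
    {"TimeGenerated": "2022-06-01T11:00:10Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "198.51.100.4", "ResultType": "0"},
]

# Constructed threat-intelligence indicator list (stands in for the ThreatIntelligenceIndicator table).
THREAT_INTEL_IPS = {"198.51.100.4"}


@dataclass
class Alert:
    rule: str
    technique: str                 # MITRE ATT&CK technique ID (mapping is an assumption)
    entities: set                  # ("Account", upn) / ("IP", address) pairs
    evidence: list = field(default_factory=list)


def _ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def hunt_bruteforce_then_success(logs, min_failures=3, window=timedelta(minutes=10)):
    """Detection rule: >= min_failures failed sign-ins for a (user, IP) pair, then a success within `window`."""
    by_pair = defaultdict(list)
    for rec in sorted(logs, key=lambda r: r["TimeGenerated"]):
        by_pair[(rec["UserPrincipalName"], rec["IPAddress"])].append(rec)
    alerts = []
    for (user, ip), recs in by_pair.items():
        failures = []
        for rec in recs:
            if rec["ResultType"] != "0":
                failures.append(rec)
                continue
            recent = [f for f in failures if _ts(rec["TimeGenerated"]) - _ts(f["TimeGenerated"]) <= window]
            if len(recent) >= min_failures:
                alerts.append(Alert("Successful sign-in after repeated failures", "T1110",
                                    {("Account", user), ("IP", ip)}, recent + [rec]))
            failures = []          # a success closes the failure streak
    return alerts


def hunt_threat_intel_ip(logs, bad_ips):
    """Detection rule: any sign-in from an IP on the threat-intelligence list, one alert per (user, IP)."""
    alerts, seen = [], set()
    for rec in logs:
        pair = (rec["UserPrincipalName"], rec["IPAddress"])
        if rec["IPAddress"] in bad_ips and pair not in seen:
            seen.add(pair)
            alerts.append(Alert("Sign-in from threat-intel listed IP", "T1078",
                                {("Account", pair[0]), ("IP", pair[1])}, [rec]))
    return alerts


def correlate_into_incidents(alerts):
    """Group alerts that share an entity (transitively) into incidents, as entity-matching alert grouping does."""
    parent = list(range(len(alerts)))

    def find(i):
        while parent[i] != i:
            parent[i] = parent[parent[i]]
            i = parent[i]
        return i

    owner = {}                     # entity -> index of the first alert that carried it
    for i, alert in enumerate(alerts):
        for entity in alert.entities:
            if entity in owner:
                parent[find(i)] = find(owner[entity])
            else:
                owner[entity] = i
    groups = defaultdict(list)
    for i, alert in enumerate(alerts):
        groups[find(i)].append(alert)
    return [{"alerts": members,
             "entities": set().union(*(a.entities for a in members)),
             "techniques": sorted({a.technique for a in members})}
            for members in groups.values()]


if __name__ == "__main__":
    found = hunt_bruteforce_then_success(SIGNIN_LOGS) + hunt_threat_intel_ip(SIGNIN_LOGS, THREAT_INTEL_IPS)
    for n, inc in enumerate(correlate_into_incidents(found), 1):
        print(f"Incident {n}: {len(inc['alerts'])} alert(s), techniques {inc['techniques']}, entities {sorted(inc['entities'])}")
```

Running it yields two incidents: the alice and bob alerts collapse into one because they share the source IP entity, while carol's threat-intel match stands alone. That is the difference between alert volume and incident volume that the Analytics slide is pointing at, and the reason entity mapping on a detection rule matters as much as the query itself.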
Notebooks
• Microsoft Sentinel notebooks are intended for threat hunters or Tier 2-3 analysts, incident investigators, data
scientists, and security researchers.
• Notebooks provide queries to both Microsoft Sentinel and external data, features for data enrichment, investigation,
visualization, hunting, machine learning, and big data analytics.
• Notebooks require a higher learning curve and coding knowledge and have limited automation support.
Resources & Certifications
• Microsoft Sentinel documentation
• SC-900: Microsoft Security, Compliance, and Identity Fundamentals
• SC-200: Microsoft Security Operations Analyst
• Microsoft Sentinel Ninja: The complete level 400 training
New York | Dubai | Mumbai | Pune | Delhi | Bengaluru | Singapore

More Related Content

What's hot

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)k33a
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdfPencilData
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehReZa AdineH
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsSagar Joshi
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionDavid J Rosenthal
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligencemohamed nasri
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1Priyanka Aash
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتReZa AdineH
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewCamilo Fandiño Gómez
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 

What's hot (20)

PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)Security Information and Event Management (SIEM)
Security Information and Event Management (SIEM)
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure Sentinel
 
QRadar Architecture.pdf
QRadar Architecture.pdfQRadar Architecture.pdf
QRadar Architecture.pdf
 
SOAR and SIEM.pptx
SOAR and SIEM.pptxSOAR and SIEM.pptx
SOAR and SIEM.pptx
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinel
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptx
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure Sentinel
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Effective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza AdinehEffective Security Operation Center - present by Reza Adineh
Effective Security Operation Center - present by Reza Adineh
 
What is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the BasicsWhat is SIEM? A Brilliant Guide to the Basics
What is SIEM? A Brilliant Guide to the Basics
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
Microsoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat ProtectionMicrosoft Office 365 Advanced Threat Protection
Microsoft Office 365 Advanced Threat Protection
 
Cyber Threat Intelligence
Cyber Threat IntelligenceCyber Threat Intelligence
Cyber Threat Intelligence
 
SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1SOC Architecture Workshop - Part 1
SOC Architecture Workshop - Part 1
 
Security operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیتSecurity operations center-SOC Presentation-مرکز عملیات امنیت
Security operations center-SOC Presentation-مرکز عملیات امنیت
 
IBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence OverviewIBM QRadar Security Intelligence Overview
IBM QRadar Security Intelligence Overview
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 

Similar to Microsoft Sentinel- a cloud native SIEM & SOAR.pdf

How to Reduce the Financial Impact of Security Incidents by 90% or More with ...
How to Reduce the Financial Impact of Security Incidents by 90% or More with ...How to Reduce the Financial Impact of Security Incidents by 90% or More with ...
How to Reduce the Financial Impact of Security Incidents by 90% or More with ...D3 Security
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyMicrosoft Österreich
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareCloudera, Inc.
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsSecureIoT H2020 funded project
 
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Draup3
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostPrecisely
 
Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...
Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...
Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...SolarWinds
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprisessuserd58af7
 
Azure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and complianceAzure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and complianceAsaf Nakash
 
Using m365 defender to protect against solorigate
Using m365 defender to protect against solorigateUsing m365 defender to protect against solorigate
Using m365 defender to protect against solorigateMatt Soseman
 
QRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfQRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfssuserf5beb3
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series  SEIM Log AnalysisCybersecurity Series  SEIM Log Analysis
Cybersecurity Series SEIM Log AnalysisJim Kaplan CIA CFE
 
Microsoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxMicrosoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxInfosectrain3
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)Norm Barber
 
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...Prometix Pty Ltd
 
Digitalstakeout Scout Overview
Digitalstakeout Scout OverviewDigitalstakeout Scout Overview
Digitalstakeout Scout OverviewDigitalStakeout
 

Similar to Microsoft Sentinel- a cloud native SIEM & SOAR.pdf (20)

How to Reduce the Financial Impact of Security Incidents by 90% or More with ...
How to Reduce the Financial Impact of Security Incidents by 90% or More with ...How to Reduce the Financial Impact of Security Incidents by 90% or More with ...
How to Reduce the Financial Impact of Security Incidents by 90% or More with ...
 
PKI.pptx
PKI.pptxPKI.pptx
PKI.pptx
 
Daniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity storyDaniel Grabski | Microsofts cybersecurity story
Daniel Grabski | Microsofts cybersecurity story
 
cb-EDR-V7_a4_Digital
cb-EDR-V7_a4_Digitalcb-EDR-V7_a4_Digital
cb-EDR-V7_a4_Digital
 
Secure the modern Enterprise
Secure the modern EnterpriseSecure the modern Enterprise
Secure the modern Enterprise
 
Protecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomwareProtecting health and life science organizations from breaches and ransomware
Protecting health and life science organizations from breaches and ransomware
 
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster ProjectsRisk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
Risk Assessment Solutions of H2020 IoT Security/Privacy Cluster Projects
 
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
Securing the Digital Frontier - An Analysis of Cybersecurity Landscape and Tr...
 
IBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter MostIBM i Security: Identifying the Events That Matter Most
IBM i Security: Identifying the Events That Matter Most
 
Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...
Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...
Government and Education Webinar: How to Reduce Vulnerabilities and Harden yo...
 
Microsoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterpriseMicrosoft Security adoptionguide for the enterprise
Microsoft Security adoptionguide for the enterprise
 
Azure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and complianceAzure Operation Management Suite - security and compliance
Azure Operation Management Suite - security and compliance
 
Using m365 defender to protect against solorigate
Using m365 defender to protect against solorigateUsing m365 defender to protect against solorigate
Using m365 defender to protect against solorigate
 
QRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdfQRadar-XDR-Solution.pdf
QRadar-XDR-Solution.pdf
 
Cybersecurity Series SEIM Log Analysis
Cybersecurity Series  SEIM Log AnalysisCybersecurity Series  SEIM Log Analysis
Cybersecurity Series SEIM Log Analysis
 
Microsoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptxMicrosoft Sentinel and Its Components.pptx
Microsoft Sentinel and Its Components.pptx
 
SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)SAM05_Barber PW (7-9-15)
SAM05_Barber PW (7-9-15)
 
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
 
Digitalstakeout Scout Overview
Digitalstakeout Scout OverviewDigitalstakeout Scout Overview
Digitalstakeout Scout Overview
 
go secure cloud.pdf
go secure cloud.pdfgo secure cloud.pdf
go secure cloud.pdf
 

Recently uploaded

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 

Recently uploaded (20)

Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
The transition to renewables in India.pdf
The transition to renewables in India.pdfThe transition to renewables in India.pdf
The transition to renewables in India.pdf
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 

Microsoft Sentinel- a cloud native SIEM & SOAR.pdf

5. Benefits & drawbacks of SOAR tools
• SOAR is not a replacement for other security tools, but rather a complementary technology. SOAR platforms are also not a replacement for human analysts, but instead augment their skills and workflows for more effective incident detection and response.
Benefits:
• Faster incident detection.
• Better threat context.
• Simplified management.
• Boosting analysts' productivity.
Drawbacks:
• Failure to remediate a broader security strategy.
• Conflated expectations.
• Deployment and management complexity.
• Lack of or limited metrics.

6. SIEM vs SOAR
SIEM:
• SIEM systems collect data, identify deviations, rank threats and generate alerts.
• SIEM systems only alert security analysts to a potential event.
SOAR:
• SOAR systems also handle these tasks but have additional capabilities.
• First, SOAR platforms integrate with a wider range of internal and external applications, both security and non-security.
• Second, SOAR platforms use automation, AI and machine learning to provide greater context and automated responses to those threats.

7. Microsoft Sentinel
• Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for attack detection, threat visibility, proactive hunting, and threat response.
• Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
• Respond to incidents rapidly with built-in orchestration and automation of common tasks.
• Detect previously undetected threats and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
• Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.

8. Data Connectors
• Microsoft Sentinel comes with several connectors for Microsoft solutions that provide real-time integration, including the Microsoft 365 Defender solutions and Microsoft 365 sources such as Office 365, Azure AD, Microsoft Defender for Identity and Microsoft Defender for Cloud Apps.
• In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions. You can also connect your own data sources to Microsoft Sentinel using Common Event Format (CEF), Syslog or the REST API.
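The REST API route mentioned above is, for custom sources, the Log Analytics HTTP Data Collector API: each POST is authenticated with a SharedKey header, an HMAC-SHA256 over the method, body length, content type, date and resource path, computed with the workspace key. The following is an added example, not code from the slides, that builds such a request offline; the workspace ID, shared key and log records are constructed placeholders.

```python
"""Build an authenticated POST for the Log Analytics HTTP Data Collector API.
Added example, not from the slide deck: workspace ID, shared key and records are
constructed placeholders; the request is built, not sent."""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"                   # placeholder
SHARED_KEY_B64 = base64.b64encode(b"placeholder-primary-key").decode()  # placeholder
LOG_TYPE = "FirewallCustom"   # Sentinel stores the records in the FirewallCustom_CL table

# Constructed sample records; EventTime becomes TimeGenerated (see the header below).
SAMPLE_RECORDS = [
    {"EventTime": "2022-01-01T00:00:00Z", "SrcIp": "203.0.113.7", "Action": "deny", "Port": 3389},
    {"EventTime": "2022-01-01T00:00:05Z", "SrcIp": "198.51.100.9", "Action": "allow", "Port": 443},
]

def build_signature(workspace_id, shared_key_b64, rfc1123_date, content_length,
                    method="POST", content_type="application/json", resource="/api/logs"):
    """HMAC-SHA256 over the canonical string the service rebuilds from the request it receives."""
    string_to_sign = f"{method}\n{content_length}\n{content_type}\nx-ms-date:{rfc1123_date}\n{resource}"
    key = base64.b64decode(shared_key_b64)            # the workspace key is distributed as base64
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def build_request(records, log_type=LOG_TYPE, rfc1123_date=None,
                  workspace_id=WORKSPACE_ID, shared_key_b64=SHARED_KEY_B64):
    """Return (url, headers, body) for an HTTPS POST; the signed date must equal the header."""
    if rfc1123_date is None:
        rfc1123_date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(records).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key_b64, rfc1123_date, len(body)),
        "Log-Type": log_type,                  # custom table name, without the _CL suffix
        "x-ms-date": rfc1123_date,
        "time-generated-field": "EventTime",   # record field to use as TimeGenerated
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body

if __name__ == "__main__":
    url, headers, body = build_request(SAMPLE_RECORDS)
    print(url, headers["Authorization"], body.decode(), sep="\n")
```

Because the signature binds the body length and date, a replayed or altered request fails verification; the shared key itself is a write credential for the workspace and belongs in a secret store, not in source.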
9. Data Connectors (title only)

10. Workbooks
• We can monitor the data using the Microsoft Sentinel integration with Azure Monitor Workbooks, which provides versatility in creating custom workbooks.

11. Workbooks
• Microsoft Sentinel Workbooks allow security analysts and admins to view data about security in their environment using graphical displays.

12. Analytics
• Microsoft Sentinel uses analytics to correlate alerts into incidents. Incidents are groups of related alerts that together form an actionable possible threat that you can investigate and resolve.

13. Analytics
• Detect previously undetected threats and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
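Grouping alerts into an incident means deciding which alerts are related; analytics rules do this on shared entities such as accounts, hosts and IP addresses. The following is an added example, not Sentinel's code: a simplified model of that grouping, using union-find over constructed sample alerts, which shows why a lone low-severity sign-in anomaly lands in the same incident as a brute-force alert on the same account.

```python
"""Group related alerts into incidents by shared entities.
Added example, not Sentinel's code: a simplified model of the alert-grouping
step of an analytics rule, run over constructed sample alerts."""
from collections import defaultdict

SEVERITY_RANK = {"Informational": 0, "Low": 1, "Medium": 2, "High": 3}

# Constructed sample alerts; "entities" are (type, value) pairs the rule extracted.
SAMPLE_ALERTS = [
    {"id": "a1", "name": "Brute-force sign-ins", "severity": "Medium", "entities": {("Account", "jdoe"), ("IP", "203.0.113.7")}},
    {"id": "a2", "name": "Sign-in from new country", "severity": "Low", "entities": {("Account", "jdoe")}},
    {"id": "a3", "name": "Mass download", "severity": "High", "entities": {("Account", "asmith"), ("Host", "WS-42")}},
    {"id": "a4", "name": "Suspicious process on host", "severity": "Medium", "entities": {("Host", "WS-42")}},
    {"id": "a5", "name": "Port scan", "severity": "Low", "entities": {("IP", "198.51.100.9")}},
]

def group_alerts(alerts):
    """Two alerts belong to one incident when a chain of shared entities links them."""
    parent = {a["id"]: a["id"] for a in alerts}   # union-find forest over alert ids
    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]           # path halving keeps lookups short
            x = parent[x]
        return x
    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            parent[rb] = ra
    first_seen = {}                                  # entity -> first alert that carried it
    for alert in alerts:
        for entity in alert["entities"]:
            if entity in first_seen:
                union(first_seen[entity], alert["id"])
            else:
                first_seen[entity] = alert["id"]
    groups = defaultdict(list)                       # root id -> member alerts, in input order
    for alert in alerts:
        groups[find(alert["id"])].append(alert)
    incidents = []
    for members in groups.values():
        top = max(members, key=lambda m: SEVERITY_RANK[m["severity"]])
        incidents.append({
            "title": top["name"], "severity": top["severity"],   # incident inherits the worst alert
            "alert_ids": [m["id"] for m in members],
            "entities": set().union(*(m["entities"] for m in members)),
        })
    return sorted(incidents, key=lambda i: i["alert_ids"])

if __name__ == "__main__":
    for inc in group_alerts(SAMPLE_ALERTS):
        print(inc["severity"], inc["title"], inc["alert_ids"])
```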
14. Security automation & orchestration
• Automate common tasks and simplify security orchestration with playbooks that integrate with Azure services and existing tools.
• Playbooks are intended for SOC engineers and analysts of all tiers, to automate and simplify tasks including data ingestion, enrichment, investigation and remediation.

15. Sample Playbook (title only)

16. Investigation
• Microsoft Sentinel's deep investigation tools help you understand the scope of a potential security threat and find its root cause. We can choose an entity on the interactive graph to ask interesting questions about that entity, and drill down into it and its connections to get to the root cause of the threat.

17. Hunting
• Microsoft Sentinel's hunting search-and-query tools, based on the MITRE framework, enable you to proactively hunt for security threats across your organization's data sources before an alert is triggered.
• After discovering which hunting query provides high-value insights into possible attacks, we can create custom detection rules based on that query and surface those insights as alerts to security incident responders.

18. Notebooks
• Microsoft Sentinel notebooks are intended for threat hunters or Tier 2-3 analysts, incident investigators, data scientists and security researchers.
• Notebooks provide queries to both Microsoft Sentinel and external data, and features for data enrichment, investigation, visualization, hunting, machine learning and big data analytics.
• Notebooks have a steeper learning curve, require coding knowledge and have limited automation support.

19. Resources & Certifications
• Microsoft Sentinel documentation
• SC-900: Microsoft Security, Compliance, and Identity Fundamentals
• SC-200: Microsoft Security Operations Analyst
• Microsoft Sentinel Ninja: The complete level 400 training

20. New York | Dubai | Mumbai | Pune | Delhi | Bengaluru | Singapore
©2022 Network Intelligence. All Rights Reserved.