Secure your Infrastructure
with Azure Sentinel
Mohit Chhabra
Microsoft Azure MVP
Configit |Germany
https://www.linkedin.com/company/pdcconf @PDCConf https://www.facebook.com/pdcconf
Thank you to all our generous sponsors
Mohit Chhabra
September 16th & 17th
Online Event
International Conference
Speaker
Traditional SOC Challenges
Security Operations Team: expanding digital estate
• Too many disconnected products
• High volume of noisy alerts
• Security skills in short supply
• Lack of automation
• Rising infrastructure costs and upfront investment
• IT deployment & maintenance
• Sophistication of threats
Cloud + Artificial Intelligence for the Security Operations Team: Azure Sentinel is a cloud-native SIEM
Introducing Microsoft Azure Sentinel
Azure Sentinel
Cloud-native SIEM + SOAR (Security Orchestration, Automation and Response) for intelligent security analytics for your entire enterprise
• Collect: security data across your enterprise
• Detect: threats with vast threat intelligence and AI
• Investigate: critical incidents guided by AI
• Respond: rapidly, and automate protection
Limitless cloud speed and scale
Bring your Office 365 data for Free
Easy integration with your existing tools
Faster threat protection with AI by your side
Azure Sentinel – Across Security Center
© Microsoft Corporation Azure
Connectors - https://techcommunity.microsoft.com/t5/Azure-Sentinel/bg-p/AzureSentinelBlog
Azure Sentinel – Cloud Native SIEM + SOAR
Azure Sentinel is a true cloud-native software-as-a-service solution for SIEM + SOAR (security information and event management + security orchestration and automated response), with automatic scalability and no server installation, maintenance or complex configuration. It lets your SecOps team focus on the most important task: defending against threats to your organization.
Microsoft Azure Sentinel is a PaaS service that started with ArcSite, uses Azure Data Explorer, and uses Logic Apps as its built-in automation engine. In the background it uses Azure Log Analytics, our log platform, for its data.
Focus on security, unburden SecOps from IT tasks
No infrastructure setup or maintenance
SIEM service available in the Azure portal
Scale automatically, with no limits on compute or storage resources
Reduce security and IT costs: get a cost-effective SIEM
No infrastructure costs; only pay for what you use
Bring your Office 365 data for free
Predictable billing with capacity reservations
Flexible model, no annual commitments
Traditional SIEM: hardware setup, software setup, maintenance
Sentinel: cloud-native, scalable SIEM
Integrate with existing tools & data sources
Collect security data at cloud scale from all sources across your enterprise
Pre-wired integration with Microsoft solutions
Connectors for many partner solutions
Standard log format support for all sources
Proven log platform with more than 10 petabytes of daily ingestion
Optimize for your needs
Bring your own insights, machine learning models, and threat intelligence.
Tap into our security community to build on detections, threat intelligence, and response automation.
Bring your own ML Models
& Threat Intelligence
Security Community
Live Demo
• Mohit Chhabra
Azure Sentinel – Data Connectors
Azure Sentinel – Data Connectors
Azure Sentinel – Overview Dashboard
Sentinel is backed by a Log Analytics Workspace
Sentinel – News & Guides
Sentinel – Threat Management - Incidents
Sentinel – Threat Management - Workbooks
Sentinel – Threat Management - Hunting
Sentinel – Threat Management - Notebooks
Sentinel – Configuration – Data Connectors
Sentinel – Configuration - Analytics
Sentinel – Configuration - Playbooks
Sentinel – Configuration - Community
Sentinel – Configuration - Settings
GitHub
AI by your side
Detect threats and analyze security data quickly with AI
ML models based on decades of Microsoft
security experience and learnings
Millions of signals filtered to few correlated
and prioritized incidents
Insights based on vast Microsoft threat
intelligence and your own TI
Reduce alert fatigue by up to 90%
Threat Detection and Analysis: correlated rules, User Entity Behavior Analysis integrated with Microsoft 365, pre-built machine learning models, and bring your own ML models
Respond rapidly with built-in orchestration and automation
Build automated and scalable playbooks that integrate across tools: security products, ticketing systems (ServiceNow), and additional tools
How it works
[Diagram: Collect (data ingestion from Microsoft services and integrated sources) feeds the data repository; Visibility (data search and enrichment) leads to Analyze & Detect, Investigate & Hunt, and Automate & Orchestrate Response]
Investigate threats with AI and hunt suspicious activities at scale
Get prioritized alerts and automated expert guidance
Visualize the entire attack and its impact
Hunt for suspicious activities using pre-built queries and Azure Notebooks
Threat detection, investigation and response
[Architecture diagram: Azure Sentinel (data store, automation, user interface, rules, machine learning, search & investigation) ingests data from on-premises systems, other clouds & SaaS apps, and the customer's tenant. For on-premises collection, the customer's tenant sends data to Azure Sentinel, optionally through a collector proxy.]
Azure Sentinel on-premises
collection options:
1. Agent
2. CEF/Syslog
3. WEF
4. Native Collection
5. Logic Apps
6. Direct API + Logstash
All methods can be applied to cloud IaaS.
[Diagram: OS events, DNS, Windows Firewall and DHCP logs reach Azure Sentinel through an agent, a CEF or Syslog connector (Syslog over TLS, TCP or UDP), an auto-deployed cloud CEF or Syslog connector for branch offices, a WEF connector (WEC over HTTPS), or direct integration for supported sources.]
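The "Direct API" collection option above means posting custom records straight to the workspace's HTTP Data Collector API, which is where logs from sources without a connector usually enter Sentinel. The following is an added example, not code from the original deck: it builds (but does not send) a request whose Authorization header is an HMAC-SHA256 over the method, body length, content type, x-ms-date and resource path, keyed with the workspace shared key, so a replayed or tampered batch fails validation. The workspace id, shared key, log type and sample records are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

# Constructed placeholders: the real values are the workspace id (a GUID) and the
# base64 primary or secondary key shown under the workspace's agent settings.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"placeholder-key-not-a-real-secret").decode()
LOG_TYPE = "PdcDemoFirewall"  # records land in the PdcDemoFirewall_CL custom table
RESOURCE = "/api/logs"

def string_to_sign(body_length: int, rfc1123_date: str) -> str:
    # Method, content length, content type, x-ms-date header and resource path,
    # newline separated: the exact string the Data Collector API signs on its side.
    return f"POST\n{body_length}\napplication/json\nx-ms-date:{rfc1123_date}\n{RESOURCE}"

def build_signature(shared_key: str, body_length: int, rfc1123_date: str) -> str:
    # HMAC-SHA256 keyed with the base64-decoded shared key, result base64-encoded.
    digest = hmac.new(base64.b64decode(shared_key),
                      string_to_sign(body_length, rfc1123_date).encode("utf-8"),
                      hashlib.sha256).digest()
    return base64.b64encode(digest).decode()

def build_request(records: list, rfc1123_date: str = None) -> dict:
    # Returns the url, headers and JSON body for one batch; nothing is sent here.
    body = json.dumps(records)
    if rfc1123_date is None:
        rfc1123_date = datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")
    signature = build_signature(SHARED_KEY, len(body.encode("utf-8")), rfc1123_date)
    return {
        "url": f"https://{WORKSPACE_ID}.ods.opinsights.azure.com{RESOURCE}?api-version=2016-04-01",
        "headers": {
            "content-type": "application/json",
            "Authorization": f"SharedKey {WORKSPACE_ID}:{signature}",
            "Log-Type": LOG_TYPE,
            "x-ms-date": rfc1123_date,
            "time-generated-field": "EventTime",  # column Sentinel maps to TimeGenerated
        },
        "body": body,
    }

# Constructed sample records from a firewall that has no built-in connector.
SAMPLE_RECORDS = [
    {"EventTime": "2021-09-16T10:15:00Z", "SourceIp": "10.0.0.5", "DestinationPort": 3389, "Action": "deny"},
    {"EventTime": "2021-09-16T10:15:01Z", "SourceIp": "10.0.0.5", "DestinationPort": 445, "Action": "deny"},
]
```

To actually ship a batch, pass `req["url"]`, `req["headers"]` and `req["body"].encode()` to any HTTP client as a POST; a 200 response means the records were accepted and will appear in the custom table a few minutes later.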
Basics:
• Windows Events
• Linux Syslog
Extras:
• DNS events (DCs)
• Windows Firewall events
• IIS events
• Local files
• FluentD plug-ins
• Windows or Linux
• Automated install in Azure
• Central management
• Proxy support
• Additional Azure management functions
• Well documented
Syslog/CEF collection: Azure Sentinel Syslog Collector (dedicated Linux VM)
Syslog/CEF collection, cloud-based collector (Azure): Azure Sentinel Syslog Collector (dedicated VM)
Syslog/CEF collection, on-prem based collector (on prem): Azure Sentinel Syslog Collector (dedicated VM)
Windows Event Forwarding*: Azure Sentinel Syslog Collector (dedicated Windows VM)
Thank you!

Azure Sentinel.pptx
