SlideShare a Scribd company logo

Azure Sentinel Introduction

Robert Crane
Robert Crane

April 2021 presentation to Brisbane Azure User group

Internet
1 of 18
Download to read offline
Introduction to Azure Sentinel April 2021 @directorcia http://about.me/ciaops
Acronyms •SIEM – Security Information and Event Management •SOAR – Security, Orchestration, Automation and Response
Introducing Microsoft Azure Sentinel Cloud-native SIEM for intelligent security analytics for your entire enterprise Limitless cloud speed and scale Bring your Office 365 + M365 Alerts for Free Easy integration with your existing tools Faster threat protection with AI by your side Respond Rapidly and automate protection Detect Threats with vast threat intelligence & AI Collect Security data across your enterprise Investigate Critical incidents guided by AI Azure Sentinel Cloud-native SIEM+SOAR
Enrichment with Intelligence (Geo location, IP Reputation) Core capabilities © Microsoft Corporation Azure Microsoft Services Public Clouds Security solutions Integrate ServiceNow Community Other tools Apps, users, infrastructure Collect Automate & orchestrate response Playbooks Investigate & hunt suspicious activities Interactive Attack Visualization, Azure Notebooks Analyze & detect threats Machine learning, UEBA Data Search Data Repository Azure Monitor (log analytics) Data Ingestion
What is Azure Sentinel? Traditional No infrastructure costs, Only pay for what you use Predictable Billing with capacity reservations Flexible model, no annual commitments Free ingestion for O365 Audit Logs, Azure Activity Logs and M365 Security Alerts Sentinel Cloud-native, scalable SIEM Hardware setup Maintenance Software setup
And how it plays into the larger story… Pre-wired integration with Microsoft solutions Connectors for many partner solutions Standard log format support for all sources Proven log platform with more than 10 petabytes of daily ingestion
Workspace Design (Single Tenant)
Workspace Design (Multi-Tenant) Azure Lighthouse
All the ways data gets in Workspace Azure Sentinel Custom App Appliances (Integrated) Azure Services (Diagnostic Logs) AAD, AAD IP, Azure Activity, AIP, ASC, AzWAF, … Threat Intelligence (via Graph Security API) MISP, Palo Alto…. Logic App – Send Data Connector Cloud Services w/ Connector O365, MCAS, AATP, MDATP, AWS Windows Agent Linux Agent Linux Agent – Configured for CEF Appliances (CEF) P U S H P U S H P U S H P U L L Rest API P U S H
CEF architecture On prem Syslog Over UDP, TCP, or TLS default port: 514
Data Collectors (Quick Wins) Enable 1st Party Connectors that are running in the environment Most are free ▪ O365 ▪ Azure Activity ▪ 1st Party Alerts – MCAS, AATP, MDATP, AAD IP Connect AWS Connect / Configure Azure Diagnostic Logs (Policy) Deploy Windows/Linux Agent in Azure (built-in Policy)
Data Collectors (Next Steps) Deploy Windows/Linux Agent on-prem / other clouds Deploy CEF Collection ▪ Configure CEF collector using configuration script ▪ Configure source devices – ensure they support RFC and CEF. ▪ See the “Grand List” https://techcommunity.microsoft.com/t5/Azure- Sentinel/Azure-Sentinel-The-Syslog-and-CEF-source- configuration-grand/ba-p/803891 Integrate Threat Intelligence
Resources • Sentinel Quickstart - https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard • Connect data sources - https://docs.microsoft.com/en-us/azure/sentinel/connect-data- sources • Tutorial: Investigate incidents – https://docs.microsoft.com/en-us/azure/sentinel/tutorial- investigate-cases • Become an Azure Sentinel Ninja – https://techcommunity.microsoft.com/t5/azure- sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310 • Azure Sentinel on Microsoft Learn - https://techcommunity.microsoft.com/t5/itops-talk- blog/learn-azure-sentinel-on-microsoft-learn/ba-p/2006346 • Visualise your data - https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor- your-data • Azure Sentinel Workbooks 101 - https://techcommunity.microsoft.com/t5/azure- sentinel/azure-sentinel-workbooks-101-with-sample-workbook/ba-p/1409216
CIAOPS Resources • Blog – http://blog.ciaops.com • Github – http://github.com/directorcia • Free Office 365, Azure Administration newsletter – http://bit.ly/cia-o365-tech • Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops • Free documents, presentations, eBooks – http://slideshare.net/directorcia • Office 365, Azure, Cloud podcast – http://ciaops.podbean.com • Office 365, Azure online training courses – http://www.ciaopsacademy.com • Office 365 and Azure community – http://www.ciaopspatron.com Twitter @directorcia Facebook https://www.facebook.com/ciaops Email director@ciaops.com Teams admin@ciaops365.com

Recommended

Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure SentinelCheah Eng Soon
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 

Recommended

Microsoft Azure Sentinel
Microsoft Azure SentinelMicrosoft Azure Sentinel
Microsoft Azure SentinelBGA Cyber Security
 
Modernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelModernize your Security Operations with Azure Sentinel
Modernize your Security Operations with Azure SentinelCheah Eng Soon
 
Introduction to Azure Sentinel
Introduction to Azure SentinelIntroduction to Azure Sentinel
Introduction to Azure Sentinelarnaudlh
 
Azure Sentinel.pptx
Azure Sentinel.pptxAzure Sentinel.pptx
Azure Sentinel.pptxMohit Chhabra
 
SEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxSEIM-Microsoft Sentinel.pptx
SEIM-Microsoft Sentinel.pptxAmrMousa51
 
Azure Sentinel
Azure SentinelAzure Sentinel
Azure SentinelCheah Eng Soon
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...carlitocabana
 
Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Azure Sentinel Jan 2021 overview deck
Azure Sentinel Jan 2021 overview deck Matt Soseman
 
Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero TrustDavid J Rosenthal
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinelMarius Sandbu
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
Cloud Security
Cloud SecurityCloud Security
Cloud SecurityAWS User Group Bengaluru
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYMaganathin Veeraragaloo
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation PrasadThorat23
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptxuthayakumar174828
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptxSandeshUprety4
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
IBM Qradar
IBM QradarIBM Qradar
IBM QradarCoenraad Smith
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinelAdam Ochs
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Research
 

More Related Content

What's hot

Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelDavid J Rosenthal
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)Ahmed Ayman
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation centerMuhammad Sahputra
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)Ahmad Haghighi
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for EndpointCheah Eng Soon
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewDavid J Rosenthal
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for BeginnersSKMohamedKasim
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptxMoshe Ferber
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPrime Infoserv
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3Shawn Croswell
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architectureBirendra Negi ☁️
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 

What's hot (20)

Microsoft Zero Trust
Microsoft Zero TrustMicrosoft Zero Trust
Microsoft Zero Trust
 
Microsoft Defender and Azure Sentinel
Microsoft Defender and Azure SentinelMicrosoft Defender and Azure Sentinel
Microsoft Defender and Azure Sentinel
 
Security operation center (SOC)
Security operation center (SOC)Security operation center (SOC)
Security operation center (SOC)
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 
Next-Gen security operation center
Next-Gen security operation centerNext-Gen security operation center
Next-Gen security operation center
 
Cloud Security
Cloud SecurityCloud Security
Cloud Security
 
CLOUD NATIVE SECURITY
CLOUD NATIVE SECURITYCLOUD NATIVE SECURITY
CLOUD NATIVE SECURITY
 
An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)An introduction to SOC (Security Operation Center)
An introduction to SOC (Security Operation Center)
 
Splunk-Presentation
Splunk-Presentation Splunk-Presentation
Splunk-Presentation
 
Crowdstrike .pptx
Crowdstrike .pptxCrowdstrike .pptx
Crowdstrike .pptx
 
Microsoft Defender for Endpoint
Microsoft Defender for EndpointMicrosoft Defender for Endpoint
Microsoft Defender for Endpoint
 
Microsoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 OverviewMicrosoft 365 Enterprise Security with E5 Overview
Microsoft 365 Enterprise Security with E5 Overview
 
SOC and SIEM.pptx
SOC and SIEM.pptxSOC and SIEM.pptx
SOC and SIEM.pptx
 
Threat hunting for Beginners
Threat hunting for BeginnersThreat hunting for Beginners
Threat hunting for Beginners
 
Cloud Security Architecture.pptx
Cloud Security Architecture.pptxCloud Security Architecture.pptx
Cloud Security Architecture.pptx
 
IBM Qradar
IBM QradarIBM Qradar
IBM Qradar
 
PaloAlto Enterprise Security Solution
PaloAlto Enterprise Security SolutionPaloAlto Enterprise Security Solution
PaloAlto Enterprise Security Solution
 
kill-chain-presentation-v3
kill-chain-presentation-v3kill-chain-presentation-v3
kill-chain-presentation-v3
 
cyber-security-reference-architecture
cyber-security-reference-architecturecyber-security-reference-architecture
cyber-security-reference-architecture
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security Overview
 

Similar to Azure Sentinel Introduction

Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinelAdam Ochs
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Research
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxJustineGarcia32
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelSamik Roy
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityBruno Capuano
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)Amazon Web Services
 
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoTMongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoTMongoDB
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_SentinelMike Mihm
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS SecurityAmazon Web Services
 
Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365Cheah Eng Soon
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsFredBrandonAuthorMCP
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security OperationsEvident.io
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureCloudVillage
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureJose Hernandez
 
Architecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureArchitecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureAlon Fliess
 

Similar to Azure Sentinel Introduction (20)

Adam ochs sentinel
Adam ochs sentinelAdam ochs sentinel
Adam ochs sentinel
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
 
TechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptxTechTalksUtah-Sentinel-20191108.pptx
TechTalksUtah-Sentinel-20191108.pptx
 
Remediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinelRemediate and secure your organization with azure sentinel
Remediate and secure your organization with azure sentinel
 
L400-P1 Overview.pdf
L400-P1 Overview.pdfL400-P1 Overview.pdf
L400-P1 Overview.pdf
 
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a RockstarRencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
Rencore Webinar: Securing Office 365 and Microsoft Azure like a Rockstar
 
Power of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure securityPower of the cloud - Introduction to azure security
Power of the cloud - Introduction to azure security
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
 
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
AWS re:Invent 2016: The Psychology of Security Automation (SAC307)
 
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoTMongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
MongoDB IoT City Tour STUTTGART: The Microsoft Azure Platform for IoT
 
NVS_Sentinel
NVS_SentinelNVS_Sentinel
NVS_Sentinel
 
Getting started with AWS Security
Getting started with AWS SecurityGetting started with AWS Security
Getting started with AWS Security
 
Azure Sentinel with Office 365
Azure Sentinel with Office 365Azure Sentinel with Office 365
Azure Sentinel with Office 365
 
SC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security SolutionsSC-900 Capabilities of Microsoft Security Solutions
SC-900 Capabilities of Microsoft Security Solutions
 
Azure Security Overview
Azure Security OverviewAzure Security Overview
Azure Security Overview
 
Automating your AWS Security Operations
Automating your AWS Security OperationsAutomating your AWS Security Operations
Automating your AWS Security Operations
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to Hero
 
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security postureUsing Splunk or ELK for Auditing AWS/GCP/Azure Security posture
Using Splunk or ELK for Auditing AWS/GCP/Azure Security posture
 
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security postureUsing Splunk/ELK for auditing AWS/GCP/Azure security posture
Using Splunk/ELK for auditing AWS/GCP/Azure security posture
 
Architecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft AzureArchitecting IoT solutions with Microsoft Azure
Architecting IoT solutions with Microsoft Azure
 

More from Robert Crane

September 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know WebinarSeptember 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know WebinarRobert Crane
 
August 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know WebinarAugust 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know WebinarRobert Crane
 
July 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know WebinarJuly 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know WebinarRobert Crane
 
June 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know WebinarJune 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know WebinarRobert Crane
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarRobert Crane
 
April 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know WebinarApril 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know WebinarRobert Crane
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarRobert Crane
 
January 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarJanuary 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarRobert Crane
 
December 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know WebinarDecember 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know WebinarRobert Crane
 
November 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know WebinarNovember 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know WebinarRobert Crane
 
October 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know WebinarOctober 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know WebinarRobert Crane
 
September 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know WebinarSeptember 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know WebinarRobert Crane
 
August 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know WebinarAugust 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know WebinarRobert Crane
 
July 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know WebinarJuly 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know WebinarRobert Crane
 
June 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know WebinarJune 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know WebinarRobert Crane
 
May 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know WebinarMay 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know WebinarRobert Crane
 
April 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know WebinarApril 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know WebinarRobert Crane
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for BusinessRobert Crane
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarRobert Crane
 

More from Robert Crane (20)

202310
202310202310
202310
 
September 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know WebinarSeptember 2023 CIAOPS Need to Know Webinar
September 2023 CIAOPS Need to Know Webinar
 
August 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know WebinarAugust 2023 CIAOPS Need to Know Webinar
August 2023 CIAOPS Need to Know Webinar
 
July 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know WebinarJuly 2023 CIAOPS Need to Know Webinar
July 2023 CIAOPS Need to Know Webinar
 
June 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know WebinarJune 2023 CIAOPS Need to Know Webinar
June 2023 CIAOPS Need to Know Webinar
 
May 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know WebinarMay 2023 CIAOPS Need to Know Webinar
May 2023 CIAOPS Need to Know Webinar
 
April 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know WebinarApril 2023 CIAOPS Need to Know Webinar
April 2023 CIAOPS Need to Know Webinar
 
March 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know WebinarMarch 2023 CIAOPS Need to Know Webinar
March 2023 CIAOPS Need to Know Webinar
 
January 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know WebinarJanuary 2023 CIAOPS Need to Know Webinar
January 2023 CIAOPS Need to Know Webinar
 
December 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know WebinarDecember 2022 CIAOPS Need to Know Webinar
December 2022 CIAOPS Need to Know Webinar
 
November 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know WebinarNovember 2022 CIAOPS Need to Know Webinar
November 2022 CIAOPS Need to Know Webinar
 
October 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know WebinarOctober 2022 CIAOPS Need to Know Webinar
October 2022 CIAOPS Need to Know Webinar
 
September 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know WebinarSeptember 2022 CIAOPS Need to Know Webinar
September 2022 CIAOPS Need to Know Webinar
 
August 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know WebinarAugust 2022 CIAOPS Need to Know Webinar
August 2022 CIAOPS Need to Know Webinar
 
July 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know WebinarJuly 2022 CIAOPS Need to Know Webinar
July 2022 CIAOPS Need to Know Webinar
 
June 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know WebinarJune 2022 CIAOPS Need to Know Webinar
June 2022 CIAOPS Need to Know Webinar
 
May 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know WebinarMay 2022 CIAOPS Need to Know Webinar
May 2022 CIAOPS Need to Know Webinar
 
April 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know WebinarApril 2022 CIAOPS Need to Know Webinar
April 2022 CIAOPS Need to Know Webinar
 
An introduction to Defender for Business
An introduction to Defender for BusinessAn introduction to Defender for Business
An introduction to Defender for Business
 
March 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know WebinarMarch 2022 CIAOPS Need to Know Webinar
March 2022 CIAOPS Need to Know Webinar
 

Recently uploaded

VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Roomgirls4nights
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxellan12
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts servicevipmodelshub1
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkataanamikaraghav4
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024APNIC
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersDamian Radcliffe
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebJames Anderson
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneCall girls in Ahmedabad High profile
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGAPNIC
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneCall girls in Ahmedabad High profile
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝soniya singh
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Roomdivyansh0kumar0
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...SofiyaSharma5
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girladitipandeya
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)Damian Radcliffe
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607dollysharma2066
 

Recently uploaded (20)

VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With RoomVIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
VIP Kolkata Call Girls Salt Lake 8250192130 Available With Room
 
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptxAWS Community DAY Albertini-Ellan Cloud Security (1).pptx
AWS Community DAY Albertini-Ellan Cloud Security (1).pptx
 
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts serviceChennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
Chennai Call Girls Alwarpet Phone 🍆 8250192130 👅 celebrity escorts service
 
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls KolkataLow Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
Low Rate Call Girls Kolkata Avani 🤌 8250192130 🚀 Vip Call Girls Kolkata
 
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
Call Girls in Uttam Nagar Delhi 💯Call Us 🔝8264348440🔝
 
On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024On Starlink, presented by Geoff Huston at NZNOG 2024
On Starlink, presented by Geoff Huston at NZNOG 2024
 
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No AdvanceRohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
Rohini Sector 22 Call Girls Delhi 9999965857 @Sabina Saikh No Advance
 
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providersMoving Beyond Twitter/X and Facebook - Social Media for local news providers
Moving Beyond Twitter/X and Facebook - Social Media for local news providers
 
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
Model Call Girl in Jamuna Vihar Delhi reach out to us at 🔝9953056974🔝
 
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark WebGDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
GDG Cloud Southlake 32: Kyle Hettinger: Demystifying the Dark Web
 
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service ThaneRussian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
Russian Call Girls Thane Swara 8617697112 Independent Escort Service Thane
 
Networking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOGNetworking in the Penumbra presented by Geoff Huston at NZNOG
Networking in the Penumbra presented by Geoff Huston at NZNOG
 
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service PuneVIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
VIP Call Girls Pune Madhuri 8617697112 Independent Escort Service Pune
 
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICECall Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
Call Girls In South Ex 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SERVICE
 
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
Call Girls In Saket Delhi 💯Call Us 🔝8264348440🔝
 
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With RoomVIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
VIP Kolkata Call Girl Kestopur 👉 8250192130 Available With Room
 
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
Low Rate Young Call Girls in Sector 63 Mamura Noida ✔️☆9289244007✔️☆ Female E...
 
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call GirlVIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
VIP 7001035870 Find & Meet Hyderabad Call Girls LB Nagar high-profile Call Girl
 
How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)How is AI changing journalism? (v. April 2024)
How is AI changing journalism? (v. April 2024)
 
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
FULL ENJOY Call Girls In Mayur Vihar Delhi Contact Us 8377087607
 

Azure Sentinel Introduction

  • 1. Introduction to Azure Sentinel April 2021 @directorcia http://about.me/ciaops
  • 2. Acronyms •SIEM – Security Information and Event Management •SOAR – Security, Orchestration, Automation and Response
  • 3. Introducing Microsoft Azure Sentinel Cloud-native SIEM for intelligent security analytics for your entire enterprise Limitless cloud speed and scale Bring your Office 365 + M365 Alerts for Free Easy integration with your existing tools Faster threat protection with AI by your side Respond Rapidly and automate protection Detect Threats with vast threat intelligence & AI Collect Security data across your enterprise Investigate Critical incidents guided by AI Azure Sentinel Cloud-native SIEM+SOAR
  • 4.
  • 5. Enrichment with Intelligence (Geo location, IP Reputation) Core capabilities © Microsoft Corporation Azure Microsoft Services Public Clouds Security solutions Integrate ServiceNow Community Other tools Apps, users, infrastructure Collect Automate & orchestrate response Playbooks Investigate & hunt suspicious activities Interactive Attack Visualization, Azure Notebooks Analyze & detect threats Machine learning, UEBA Data Search Data Repository Azure Monitor (log analytics) Data Ingestion
  • 6. What is Azure Sentinel? Traditional No infrastructure costs, Only pay for what you use Predictable Billing with capacity reservations Flexible model, no annual commitments Free ingestion for O365 Audit Logs, Azure Activity Logs and M365 Security Alerts Sentinel Cloud-native, scalable SIEM Hardware setup Maintenance Software setup
  • 7. And how it plays into the larger story… Pre-wired integration with Microsoft solutions Connectors for many partner solutions Standard log format support for all sources Proven log platform with more than 10 petabytes of daily ingestion
  • 8.
  • 9.
  • 12. All the ways data gets in Workspace Azure Sentinel Custom App Appliances (Integrated) Azure Services (Diagnostic Logs) AAD, AAD IP, Azure Activity, AIP, ASC, AzWAF, … Threat Intelligence (via Graph Security API) MISP, Palo Alto…. Logic App – Send Data Connector Cloud Services w/ Connector O365, MCAS, AATP, MDATP, AWS Windows Agent Linux Agent Linux Agent – Configured for CEF Appliances (CEF) P U S H P U S H P U S H P U L L Rest API P U S H
  • 13. CEF architecture On prem Syslog Over UDP, TCP, or TLS default port: 514
  • 14. Data Collectors (Quick Wins) Enable 1st Party Connectors that are running in the environment Most are free ▪ O365 ▪ Azure Activity ▪ 1st Party Alerts – MCAS, AATP, MDATP, AAD IP Connect AWS Connect / Configure Azure Diagnostic Logs (Policy) Deploy Windows/Linux Agent in Azure (built-in Policy)
  • 15.
  • 16. Data Collectors (Next Steps) Deploy Windows/Linux Agent on-prem / other clouds Deploy CEF Collection ▪ Configure CEF collector using configuration script ▪ Configure source devices – ensure they support RFC and CEF. ▪ See the “Grand List” https://techcommunity.microsoft.com/t5/Azure- Sentinel/Azure-Sentinel-The-Syslog-and-CEF-source- configuration-grand/ba-p/803891 Integrate Threat Intelligence
  • 17. Resources • Sentinel Quickstart - https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard • Connect data sources - https://docs.microsoft.com/en-us/azure/sentinel/connect-data- sources • Tutorial: Investigate incidents – https://docs.microsoft.com/en-us/azure/sentinel/tutorial- investigate-cases • Become an Azure Sentinel Ninja – https://techcommunity.microsoft.com/t5/azure- sentinel/become-an-azure-sentinel-ninja-the-complete-level-400-training/ba-p/1246310 • Azure Sentinel on Microsoft Learn - https://techcommunity.microsoft.com/t5/itops-talk- blog/learn-azure-sentinel-on-microsoft-learn/ba-p/2006346 • Visualise your data - https://docs.microsoft.com/en-us/azure/sentinel/tutorial-monitor- your-data • Azure Sentinel Workbooks 101 - https://techcommunity.microsoft.com/t5/azure- sentinel/azure-sentinel-workbooks-101-with-sample-workbook/ba-p/1409216
  • 18. CIAOPS Resources • Blog – http://blog.ciaops.com • Github – http://github.com/directorcia • Free Office 365, Azure Administration newsletter – http://bit.ly/cia-o365-tech • Free Office 365, Azure video tutorials – http://www.youtube.com/directorciaops • Free documents, presentations, eBooks – http://slideshare.net/directorcia • Office 365, Azure, Cloud podcast – http://ciaops.podbean.com • Office 365, Azure online training courses – http://www.ciaopsacademy.com • Office 365 and Azure community – http://www.ciaopspatron.com Twitter @directorcia Facebook https://www.facebook.com/ciaops Email director@ciaops.com Teams admin@ciaops365.com