Azure Sentinel News

Making Security More Intelligent, Microsoft Releases Azure Sentinel

by Azure Sentinel News Editor
November 20, 2020
in SIEM, SOAR

Wouldn’t it be nice if you could see threats coming and stop them before they happen? Recent developments in cloud computing and artificial intelligence are bringing this goal within reach. One of these new technologies is called Azure Sentinel. In simple terms, it acts as a kind of virtual agent always at your side, watching over your Microsoft Azure cloud infrastructure and collecting data across all of your devices, applications and users in order to detect, investigate and respond to threats against your business. To learn more about Azure Sentinel, I recently reached out to my go-to Azure expert Sasha Kranjac and asked him for a short demonstration of what it does and how to use it. Sasha is a security and Azure expert and instructor with more than two decades of experience in the field. He began programming in Assembler on Sir Clive Sinclair’s ZX, met Windows NT 3.5, and the love has lasted ever since. Sasha owns an IT training and consulting company that helps companies and individuals embrace the cloud and stay safe in cyberspace, delivering Microsoft, EC-Council and his own bespoke Azure and Security Courses and PowerClass Workshops internationally. He is a Microsoft MVP, MCT, MCT Regional Lead, Certified EC-Council Instructor (CEI), and currently holds more than 60 technical certifications. Sasha is a frequent speaker at international conferences, and is a consultant and trainer for some of the largest Fortune 500 companies. You can follow Sasha on Twitter @SasaKranjac. Let’s now pay attention as Sasha takes us on a short walk through some of the features of Azure Sentinel and offers some comments on using it.

Not just another SIEM product

Azure Sentinel is Microsoft’s recent addition to the hybrid cloud security landscape — it is designed to provide cloud-enabled intelligent analytics not only for your Azure resources, but for on-premises resources and other clouds such as Office 365 and Amazon Web Services as well. Azure Sentinel is a security information and event management (SIEM) and security orchestration, automation and response (SOAR) product, and I hear you say, “Oh, no, not another SIEM product!” But unlike other on-premises solutions, Azure Sentinel has a lot of horsepower under the hood. It does not require complex installation or time-consuming infrastructure setup, as it is completely cloud-based, powered by artificial intelligence and able to scale on demand. Azure Sentinel is a hybrid cloud security solution, capable of processing and analyzing data from Azure and other cloud providers’ services, as well as from Windows and Linux workloads, whether they run on-premises or in a cloud. Moreover, it can analyze data from third-party security solutions and from Office 365, Cloud App Security, Azure Information Protection, and others.

The enormous quantity of data that hybrid resources generate requires a lot of computing power to analyze and to turn into useful, actionable information. Azure Sentinel provides capabilities in four crucial areas or stages:

  • Collect. Collect data from multiple sources: clouds, on-premises systems, applications, infrastructure, users, services, and others.
  • Detect. Detect threats to protected and monitored resources as they happen, minimizing the time needed to react.
  • Investigate. Powered by artificial intelligence, search for and discover malicious activity across all protected assets.
  • Respond. Once a threat is known, avoid manual actions and respond by automating tasks.

As of its public appearance at the end of February, Azure Sentinel is in “Preview” and not all of its features are fully available yet. Pricing is still unknown, but it is expected to be announced before the product leaves the Preview phase. Meanwhile, why not try Azure Sentinel? There are some prerequisites, though. You need Contributor permission on the subscription and a Log Analytics workspace. Currently, Azure Sentinel supports only workspaces created in the following regions: Australia Southeast, Canada Central, Central India, East U.S., East U.S. 2 EUAP (Canary), Japan East, Southeast Asia, UK South, West Europe, and West U.S. 2. Support for workspaces in other regions might be available later.

Using Azure Sentinel: A walkthrough

Before anything else, you need to enable Azure Sentinel:

  1. Either go to Marketplace or All Services, or search for Azure Sentinel in the search field. Click Azure Sentinel and then click +Add.
  2. Choose a workspace to connect to Azure Sentinel. The workspace must have been created in one of the supported regions. Click Add Azure Sentinel.

After you connect a workspace, you need to connect data sources to Azure Sentinel so that they can forward log events and data for analysis. Click Data Connectors and a list of available connectors appears, letting you connect various data sources, from Azure Active Directory and Office 365 to third-party solution providers like Cisco ASA, Fortinet, Barracuda and F5, along with any publisher that supports Common Event Format (CEF) logs:

One complaint: I wish the Data Connectors blade were formatted more clearly, for example as a list, or at least that the current tiled layout revealed what is configured and what is not configured yet. Remember, it is in Preview and a lot of things can still change here.

To configure a connector or a data source, click Configure and a new blade opens. Each connector has its own settings and, depending on the connector, one or more steps are required to connect a data source. The following image shows a Common Event Format connector and its configuration steps:
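Once a CEF source is connected, the first thing to verify is that its events are actually landing in the workspace. The query below is an added example and is not part of the original article or of Microsoft’s documentation. It builds a small constructed datatable named SampleCef that mimics the CommonSecurityLog table (the table the CEF connector populates; the column names are the table’s real ones, the rows and device identifiers are made up), then summarizes what each vendor and product has delivered and how recently. Against a live workspace you would start the query from CommonSecurityLog instead and use ago(1d) for the time window.

```kql
// Added example. Constructed rows standing in for CommonSecurityLog; the
// vendor names come from the article, the event IDs and addresses are made up.
let SampleCef = datatable(
    TimeGenerated:datetime, DeviceVendor:string, DeviceProduct:string,
    DeviceEventClassID:string, Activity:string, LogSeverity:string,
    SourceIP:string, DestinationIP:string, DestinationPort:int, DeviceAction:string)
[
    datetime(2020-11-20 09:58:12), "Cisco",    "ASA",       "deny-tcp",  "Deny tcp",        "4", "203.0.113.5", "10.0.0.10",    22,   "Deny",
    datetime(2020-11-20 09:58:40), "Cisco",    "ASA",       "deny-tcp",  "Deny tcp",        "4", "203.0.113.5", "10.0.0.10",    3389, "Deny",
    datetime(2020-11-20 10:01:03), "Fortinet", "Fortigate", "traffic",   "forward traffic", "5", "10.0.0.25",   "198.51.100.7", 443,  "accept",
    datetime(2020-11-20 10:02:17), "F5",       "BIG-IP",    "asm-block", "Illegal URL",     "8", "203.0.113.9", "10.0.0.40",    443,  "blocked"
];
// Connector health check: which sources delivered events in the window, how
// many were blocking actions, and how long each source has been silent.
// A product that stops appearing here has stopped sending.
let WindowEnd = datetime(2020-11-20 11:00:00);   // live: now()
SampleCef
| where TimeGenerated between (datetime(2020-11-20 09:00:00) .. WindowEnd)   // live: TimeGenerated > ago(1d)
| summarize Events = count(),
            Denied = countif(DeviceAction in~ ("deny", "blocked", "drop")),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by DeviceVendor, DeviceProduct
| extend MinutesSilent = datetime_diff("minute", WindowEnd, LastSeen)
| order by LastSeen desc
```

Run it in the Logs blade after configuring the connector; an empty result for a vendor you expect to see usually means the CEF forwarder or the device’s syslog target is misconfigured, not Azure Sentinel.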

Some connectors, such as the Azure Active Directory Identity Protection connector, require no more than one click to connect, but may have additional requirements, such as an Azure Active Directory Premium P1/P2 license in this example:

Once you have connected and configured all required data sources, Azure Sentinel starts to collect data. It might take a few minutes before you can see any activity. The more time passes, the more data Azure Sentinel has; the event and alert counts will grow and the graphs will start to populate:

The Threat Management and Configuration options are on the left, while the central part is reserved for a quick overview of Events, Alerts and Cases, a graph of events and alerts over time, and a world map displaying the source and location of potentially malicious events.

Log Analytics is directly accessible within Azure Sentinel via the Logs blade, where you can use the well-known Kusto Query Language (KQL) directly on the Log Analytics workspace connected to Azure Sentinel:

Here you can write and test your own log queries, which you can later use in Analytics to create custom Alert Rules. As an example, the following query searches for Security Event ID 4625, which records an account that failed to log on to a Windows virtual machine.
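The article’s own query is not reproduced on this page, so the following is an added example, not the author’s code. It uses a constructed datatable named SampleSecurityEvents in place of the SecurityEvent table that the Windows security events connector populates (the column names are the table’s real ones; the hosts, accounts and addresses are made up). The first filter is the plain Event ID 4625 search the text describes; the rest shows what an Alert Rule built from it would typically add: a threshold on one source address failing against several distinct accounts on one host, which separates a password-spraying burst from a user mistyping a password.

```kql
// Added example. Constructed rows standing in for SecurityEvent.
// LogonType 10 is RemoteInteractive (RDP), LogonType 2 is a local interactive logon.
let SampleSecurityEvents = datatable(
    TimeGenerated:datetime, Computer:string, EventID:int, Account:string,
    LogonType:int, IpAddress:string)
[
    datetime(2020-11-20 10:00:05), "vm-web-01", 4625, "CONTOSO\\alice",      10, "203.0.113.7",
    datetime(2020-11-20 10:00:09), "vm-web-01", 4625, "CONTOSO\\bob",        10, "203.0.113.7",
    datetime(2020-11-20 10:00:14), "vm-web-01", 4625, "CONTOSO\\admin",      10, "203.0.113.7",
    datetime(2020-11-20 10:00:20), "vm-web-01", 4625, "CONTOSO\\svc_backup", 10, "203.0.113.7",
    datetime(2020-11-20 10:00:26), "vm-web-01", 4625, "CONTOSO\\guest",      10, "203.0.113.7",
    datetime(2020-11-20 10:07:41), "vm-db-01",  4625, "CONTOSO\\carol",      2,  "10.0.0.15",
    datetime(2020-11-20 10:07:55), "vm-db-01",  4624, "CONTOSO\\carol",      2,  "10.0.0.15"
];
// Step 1 (the query the article describes): every failed logon.
// Steps 2-3: group failures by host, source address and logon type and keep
// only groups that look like a spray, not a single typo. Against a live
// workspace, start from SecurityEvent and add `| where TimeGenerated > ago(1h)`.
SampleSecurityEvents
| where EventID == 4625
| summarize FailedLogons = count(),
            DistinctAccounts = dcount(Account),
            Accounts = make_set(Account),
            FirstFailure = min(TimeGenerated),
            LastFailure = max(TimeGenerated)
    by Computer, IpAddress, LogonType
| where FailedLogons >= 5 and DistinctAccounts >= 3
| extend WindowSeconds = datetime_diff("second", LastFailure, FirstFailure)
| order by FailedLogons desc
```

On the constructed data only the vm-web-01 burst from 203.0.113.7 survives the thresholds; carol’s single failure followed by a successful 4624 logon on vm-db-01 is exactly the kind of noise an Alert Rule should not page on. The thresholds and the one-hour window are the knobs to tune per environment when you turn this into a scheduled rule in Analytics.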

# Enables the Fusion setting on the Log Analytics workspace connected to Azure Sentinel.
# Replace every {...} placeholder with your own subscription GUID, resource group and workspace name.
az resource update \
  --ids /subscriptions/{Subscription Guid}/resourceGroups/{Log analytics resource Group Name}/providers/Microsoft.OperationalInsights/workspaces/{Log analytics workspace Name}/providers/Microsoft.SecurityInsights/settings/Fusion \
  --api-version 2019-01-01-preview \
  --set properties.IsEnabled=true \
  --subscription "{Subscription Guid}"

Azure Sentinel spans proactive, actionable security log analytics from cloud to on-premises environments, powered by state-of-the-art artificial intelligence and machine learning capabilities. This is just a glimpse of Azure Sentinel’s features, and I can’t wait to try other recently announced ones such as the detection authoring environment, machine learning algorithms in templates, code snippets, model management, model deployment, a workflow scheduler, data versioning capabilities, specialized security analytics libraries, and more.

Reference: http://techgenix.com/azure-sentinel/

Copyright © 2020 - Azure Sentinel News