
Microsoft Sentinel and Its Components

Microsoft Sentinel was previously known as Azure Sentinel. It is a cloud-based SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) tool used by security operations analysts to gather information from many sources and provide security insights to the organization.


Presentation Transcript


  1. Microsoft Sentinel and Its Components www.infosectrain.com | sales@infosectrain.com


  3. Table of Contents
  • What is Microsoft Sentinel?
  • Components of Microsoft Sentinel
  • Stages of Microsoft Sentinel

  What is Microsoft Sentinel?
  Microsoft Sentinel was previously known as Azure Sentinel. It is a cloud-based SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) tool used by security operations analysts to gather information from many sources and provide security insights to the organization. Microsoft Sentinel uses Microsoft threat intelligence and machine learning to detect and investigate threats and suspicious activity quickly. It reacts quickly to threats and vulnerabilities and automates security responses to help keep your company safe. It combines alert detection, proactive hunting, threat visibility, and threat response in a single solution, and it covers your on-premises servers, devices, applications, and so on.

  4. Components of Microsoft Sentinel

  5. 1. Data Connectors: Microsoft Sentinel includes several connectors for Microsoft products that enable real-time connectivity. Built-in connectors bring in data from Microsoft products and users, and non-Microsoft products benefit from out-of-the-box connectivity to the wider security ecosystem.
  • 2. Workbooks: Once you have connected data sources to Microsoft Sentinel, you can monitor the data through Sentinel's integration with Azure Monitor workbooks. Microsoft Sentinel lets you build custom workbooks on your data and also ships pre-built workbook templates and configurable solutions for visualizing Sentinel data.
  • 3. Analytics: Microsoft Sentinel uses analytics rules to correlate alerts into potentially high-severity incidents and proactively notify security responders. Users can write custom rules in Kusto Query Language (KQL) to generate alerts in Analytics. There are many pre-built rules and integrations with Microsoft sources such as Cloud App Security and Azure ATP.
  • 4. Playbooks: Playbooks integrate with Microsoft services and existing tools to automate and simplify security orchestration. A playbook is a set of procedures that runs in response to a Sentinel alert, built on Azure Logic Apps. Playbooks are designed to automate and simplify operations such as data intake, enrichment, and investigation for SOC engineers and analysts.

  6. 5. Community: Community is a Microsoft Sentinel page hosted on GitHub that contains many resources for threat intelligence and automation. Sample hunting queries, playbooks, workbooks, and other resources are available on the Microsoft Sentinel community page. Users can use them to set up alerts and respond to threats in their environments.
  • 6. Workspace: A workspace, also known as a Log Analytics workspace, is the storage area for data and configuration settings. Microsoft Sentinel uses it to store data gathered from multiple sources. You can either create a new workspace for data storage or use an existing one.
  • 7. Dashboard: Microsoft Sentinel has a simple standalone dashboard that lets you visualize data from multiple sources and configure rules in real time. It helps the security team better understand the events generated by those services. It has the following characteristics:
  • Machine learning
  • Rule management
  • Resource analysis for a single machine

  7. 8. Investigation: The investigation capabilities in Microsoft Sentinel help you determine the scope of a potential security problem and find its root cause. Choose a specific incident to launch an investigation. A case is a compilation of all pertinent evidence relating to a single investigation.
  • 9. Hunting: Hunting means executing manual, proactive investigations to uncover and assess security threats across your organization's data sources before an incident is raised. Microsoft Sentinel features powerful hunting search and query tools based on the MITRE ATT&CK framework, and KQL (Kusto Query Language) underpins Microsoft Sentinel's search capabilities.
  • 10. Notebooks: Microsoft Sentinel supports Jupyter notebooks in Azure Machine Learning workspaces, which come with a built-in collection of frameworks and modules for machine learning, visualization, and data analysis. A notebook can examine anomalies and look for harmful behavior by providing security views and actions. A notebook is a browser-based web application that lets you run live code and visualizations.
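The Analytics and Hunting slides above both rest on writing KQL against the workspace. The following query is an added example, not part of the deck or InfosecTrain's material: it is the kind of scheduled analytics rule query that turns raw sign-in logs into an incident, and it can equally be pasted into the Hunting blade to run ad hoc. It assumes the SigninLogs table (populated by the Microsoft Entra ID / Azure AD connector) exists in the workspace; the threshold and time window are illustrative values, not recommendations.

```kql
// Added example (not from the deck): KQL for a scheduled analytics rule that
// flags a source IP with many failed sign-ins followed by a successful one.
// Assumes the SigninLogs table from the Microsoft Entra ID (Azure AD)
// connector; lookback and threshold values are illustrative.
let lookback  = 1h;    // keep in step with the rule's "Lookup data from the last" setting
let threshold = 10;    // failed sign-ins from one IP before we consider it noteworthy
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                  // ResultType "0" means the sign-in succeeded
    | summarize FailedCount   = count(),
                TargetedUsers = make_set(UserPrincipalName, 20),
                FirstFailure  = min(TimeGenerated),
                LastFailure   = max(TimeGenerated)
      by IPAddress
    | where FailedCount >= threshold;
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project IPAddress, UserPrincipalName, SuccessTime = TimeGenerated;
failures
| join kind=inner successes on IPAddress
| where SuccessTime > FirstFailure             // the success came after the failure run began
| project TimeGenerated = SuccessTime, IPAddress, UserPrincipalName,
          FailedCount, TargetedUsers, FirstFailure, LastFailure
// In the analytics rule wizard, map UserPrincipalName to the Account entity and
// IPAddress to the IP entity so the resulting incident carries investigable entities
// for the Investigation graph and for any playbook attached to the rule.
```

Saving the same query as a hunting query (with MITRE ATT&CK tactics tagged in the UI) lets analysts run it proactively before any rule fires, which is the distinction the deck draws between Analytics and Hunting.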

  8. Stages of Microsoft Sentinel

  9. Data collection at cloud scale: Microsoft Sentinel is a service that is entirely hosted in the cloud. It is a Log Analytics-based data collection platform that collects data on all users, servers, workstations, devices, applications, and infrastructure, both on-premises and across multiple clouds. The connectors available for Microsoft solutions also let you connect to other clouds and integrate their data.
  • Detect previously unidentified threats: Microsoft Sentinel uses Microsoft's analytics, machine learning, and threat intelligence to identify and analyze previously unknown threats and to reduce false positives. It provides built-in templates for creating threat detection rules and automating threat responses out of the box.
  • Investigate threats with artificial intelligence: Microsoft Sentinel uses artificial intelligence and machine learning to investigate threats and look for suspicious activity at scale. It visualizes the full attack chain and its consequences, and it uses the MITRE framework to cut noise and surface security issues.
  • Respond rapidly to incidents: With built-in orchestration and automation of common tasks, Microsoft Sentinel reacts quickly to incidents as they occur and responds to address the risk and minimize its impact.

  10. Microsoft Sentinel with InfosecTrain: Microsoft Azure is the second-largest cloud computing platform in the world, and it is rapidly expanding. If you are interested in learning more about Microsoft Sentinel, you can enroll with InfosecTrain. InfosecTrain's Microsoft Sentinel training course covers the fundamentals of Microsoft Sentinel, including its components and functionalities. InfosecTrain is a prominent security and technology training and consulting firm specializing in information security and cloud security services.

  11. About InfosecTrain
  • Established in 2016, we are one of the finest Security and Technology Training and Consulting companies
  • Wide range of professional training programs, certifications & consulting services in the IT and Cyber Security domain
  • High-quality technical services, certifications or customized training programs curated by professionals with over 15 years of combined experience in the domain

  12. Our Endorsements

  13. Why InfosecTrain
  • Global Learning Partners
  • Access to the recorded sessions
  • Certified and Experienced Instructors
  • Flexible modes of Training
  • Post training completion
  • Tailor Made Training

  14. Our Trusted Clients

  15. Contact us: Get your workforce reskilled by our certified and experienced instructors! IND: 1800-843-7890 (Toll Free) / US: +1 657-221-1127 / UK: +44 7451 208413 / sales@infosectrain.com / www.infosectrain.com
