Secure your Infrastructure
with Azure Sentinel
Mohit Chhabra
Microsoft Azure MVP
Configit |Germany
https://www.linkedin.com/company/pdcconf @PDCConf https://www.facebook.com/pdcconf
Thank you to all our generous sponsors
Supported by Powered by Organized by
Sponsored by
Speaker: Mohit Chhabra
September 16th & 17th, Online Event, International Conference
Traditional SOC Challenges
Security Operations Team:
• Expanding digital estate
• Too many disconnected products
• High volume of noisy alerts
• Security skills in short supply
• Lack of automation
• Rising infrastructure costs and upfront investment
• IT deployment & maintenance
• Sophistication of threats
Cloud + Artificial Intelligence
Security Operations Team
Azure Sentinel is a cloud-native SIEM
Introducing Microsoft Azure Sentinel
Azure Sentinel: cloud-native SIEM + SOAR (Security Orchestration, Automation and Response) for intelligent security analytics for your entire enterprise
• Collect: security data across your enterprise
• Detect: threats with vast threat intelligence and AI
• Investigate: critical incidents guided by AI
• Respond: rapidly, and automate protection
• Limitless cloud speed and scale
• Bring your Office 365 data for free
• Easy integration with your existing tools
• Faster threat protection with AI by your side
Azure Sentinel – Across Security Center
© Microsoft Corporation Azure
Connectors - https://techcommunity.microsoft.com/t5/Azure-Sentinel/bg-p/AzureSentinelBlog
Azure Sentinel – Cloud Native SIEM + SOAR
Azure Sentinel is a true cloud-native software-as-a-service solution for SIEM + SOAR (security information and event management + security orchestration and automated response), with automatic scalability and no server installation, maintenance, or complex configuration. It lets your SecOps team focus on the most important task: defending against threats to your organization.
Microsoft Azure Sentinel is a PaaS service, started with ArcSite, using Azure Data Explorer, with Logic Apps as its built-in automation engine. In the background it uses Azure Log Analytics, our log platform, for its data.
Focus on security, unburden SecOps from IT tasks
• No infrastructure setup or maintenance
• SIEM service available in the Azure portal
• Scales automatically, with no limits on compute or storage resources
Reduce security and IT costs - get a cost-effective SIEM
• No infrastructure costs, only pay for what you use
• Bring your Office 365 data for free
• Predictable billing with capacity reservations
• Flexible model, no annual commitments
Traditional SIEM: hardware setup, software setup, maintenance
Sentinel: cloud-native, scalable SIEM that integrates with existing tools & data sources
Collect security data at cloud scale from all sources across your enterprise
• Pre-wired integration with Microsoft solutions
• Connectors for many partner solutions
• Standard log format support for all sources
• Proven log platform with more than 10 petabytes of daily ingestion
Optimize for your needs
• Bring your own insights, machine learning models, and threat intelligence
• Tap into our security community to build on detections, threat intelligence, and response automation
Bring your own ML models & threat intelligence; security community
Live Demo (Mohit Chhabra)
Demo screens:
• Azure Sentinel – Data Connectors
• Azure Sentinel – Overview Dashboard
• Sentinel is backed by a Log Analytics Workspace
• Sentinel – News & Guides
• Sentinel – Threat Management - Incidents
• Sentinel – Threat Management - Workbooks
• Sentinel – Threat Management - Hunting
• Sentinel – Threat Management - Notebooks
• Sentinel – Configuration – Data Connectors
• Sentinel – Configuration - Analytics
• Sentinel – Configuration - Playbooks
• Sentinel – Configuration - Community
• Sentinel – Configuration - Settings
• GitHub
AI by your side
Detect threats and analyze security data quickly with AI
• ML models based on decades of Microsoft security experience and learnings
• Millions of signals filtered to a few correlated and prioritized incidents
• Insights based on vast Microsoft threat intelligence and your own TI
• Reduce alert fatigue by up to 90%
Threat detection and analysis: correlated rules; User Entity Behavior Analysis integrated with Microsoft 365; pre-built machine learning models; bring your own ML models
Respond rapidly with built-in orchestration and automation
Build automated and scalable playbooks that integrate across tools: security products, ticketing systems (ServiceNow), additional tools
How it works
Diagram labels: Microsoft Services; Analyze & Detect; Investigate & Hunt; Automate & Orchestrate Response; Visibility; Data Ingestion; Data Repository; Data Search; Enrichment; Integrate; Collect
Investigate threats with AI and hunt suspicious activities at scale
• Get prioritized alerts and automated expert guidance
• Visualize the entire attack and its impact
• Hunt for suspicious activities using pre-built queries and Azure Notebooks
Threat detection, investigation and response
Azure Sentinel components: data store, automation, user interface, rules, machine learning, search & investigation
Data sources: on premises, other clouds & SaaS apps, customer's tenant
Azure Sentinel on-premises collection options (an optional collector/proxy sits in the customer's tenant):
1. Agent
2. CEF/Syslog
3. WEF
4. Native Collection
5. Logic Apps
6. Direct API + Logstash
All methods can be applied to Cloud IaaS.
Diagram paths:
• OS events, DNS, Windows FW, DHCP: collected by the agent
• CEF or Syslog connector: Syslog (TLS, TCP, UDP)
• Branch Office: auto-deployed cloud CEF or Syslog connector
• WEF connector: WEC, over HTTPS
• Direct integration for supported sources
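The "Direct API + Logstash" option above, as an added example that is not part of the slides: a Python client that builds a signed ingestion request for the Azure Monitor HTTP Data Collector API, the direct ingestion path into the Log Analytics workspace behind Sentinel (the Logstash output plugin uses the same API). The workspace ID, shared key and firewall record are constructed placeholders.

```python
"""Signed ingestion request for the Azure Monitor HTTP Data Collector API.

Added example, not from the slides. A custom collector POSTs JSON records to
the Log Analytics workspace behind Sentinel; authentication is a SharedKey
header: HMAC-SHA256 over a canonical string, keyed with the workspace key.
"""
import base64
import datetime
import hashlib
import hmac
import json
import re
import urllib.request

API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"
# Custom log type names may only contain letters, digits and underscores;
# the service exposes the table as <LogType>_CL.
LOG_TYPE_RE = re.compile(r"^[A-Za-z0-9_]{1,100}$")


def valid_log_type(log_type: str) -> bool:
    """True if log_type is acceptable for the Log-Type header."""
    return bool(LOG_TYPE_RE.match(log_type))


def string_to_sign(content_length: int, rfc1123_date: str) -> str:
    """Canonical string the service recomputes to verify the signature.
    Method, body length, content type, date and resource are all bound into
    it, so a captured Authorization header cannot be reused with another
    body or at another time."""
    return (f"POST\n{content_length}\napplication/json\n"
            f"x-ms-date:{rfc1123_date}\n{RESOURCE}")


def build_authorization(workspace_id: str, shared_key_b64: str,
                        content_length: int, rfc1123_date: str) -> str:
    """Return the value for the Authorization header."""
    key = base64.b64decode(shared_key_b64)
    mac = hmac.new(key, string_to_sign(content_length, rfc1123_date).encode("utf-8"),
                   hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(mac).decode('ascii')}"


def build_request(workspace_id: str, shared_key_b64: str, log_type: str,
                  records: list, rfc1123_date=None):
    """Return (url, headers, body) ready to POST; date defaults to now (UTC)."""
    if not valid_log_type(log_type):
        raise ValueError(f"invalid Log-Type {log_type!r}")
    if rfc1123_date is None:
        now = datetime.datetime.now(datetime.timezone.utc)
        rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(records).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_authorization(workspace_id, shared_key_b64,
                                             len(body), rfc1123_date),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
    }
    url = (f"https://{workspace_id}.ods.opinsights.azure.com"
           f"{RESOURCE}?api-version={API_VERSION}")
    return url, headers, body


def send(url: str, headers: dict, body: bytes) -> int:
    """POST the signed request; HTTP 200 means the batch was accepted.
    A 403 usually means a wrong key or a sender clock too far off."""
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


# Constructed placeholders: not a real workspace, key or event.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"placeholder-key-replace-me").decode("ascii")
SAMPLE_RECORDS = [{"Computer": "branch-fw-01", "Action": "DROP",
                   "SrcIp": "10.0.0.5", "DstPort": 445}]

if __name__ == "__main__":
    url, headers, body = build_request(WORKSPACE_ID, SHARED_KEY,
                                       "BranchFirewall", SAMPLE_RECORDS)
    print(url)
    print(headers["Authorization"])
    # send(url, headers, body)  # uncomment with a real workspace id and key
```

The records land in a custom table named BranchFirewall_CL, which analytics rules and hunting queries can then read like any other connector's data.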
Basics:
• Windows Events
• Linux Syslog
Extras:
• DNS events (DCs)
• Windows Firewall events
• IIS events
• Local files
• FluentD plug-ins
Agent:
• Windows or Linux
• Automated install in Azure
• Central management
• Proxy support
• Additional Azure management functions
• Well documented
Syslog/CEF Collection: Azure Sentinel Syslog Collector (Dedicated Linux VM)
Syslog/CEF Collection, cloud-based collector (Azure): Azure Sentinel Syslog Collector (Dedicated VM)
Syslog/CEF Collection, on-prem based collector (On Prem): Azure Sentinel Syslog Collector (Dedicated VM)
Windows Event Forwarding*: Azure Sentinel Syslog Collector (Dedicated Windows VM)
Thank you!
