The Inner Circle


INTRODUCTION TO AZURE SENTINEL & ITS IMPLEMENTATION.

By Vipul Dabhi posted Aug 03, 2020 08:10:59 AM

  


Microsoft Azure Sentinel is a scalable, cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) solution.

Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting and threat response.

Azure Sentinel is your bird's-eye view across the enterprise, alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution timeframes.

 

  • Collect data at cloud scale across all users, devices, applications and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats and minimize false positives using Microsoft analytics and unparalleled threat intelligence.
  • Investigate threats with AI and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

How to Access Azure Portal & Azure Sentinel?

Microsoft Azure offers a free 30-day trial period to all new account holders.

  1. Go to https://www.azure.com and click the green “Start free” button.
  2. Next, click another “Start free” button.
  3. If you already have an account with Microsoft, for example Office 365, you’ll be prompted to log in with that account.
  4. When you log in, some of your details may already be filled in.
  5. Follow the prompts to verify your account by phone.
  6. Provide the details, tick “I agree” and click Sign Up.
  7. Within a few seconds, your account will be ready to use.

 

Your Microsoft Azure Account has been created

To continue, click the “My Account” link at the top right corner or go straight to the Microsoft Azure Portal: https://portal.azure.com

 

Accessing the Azure Sentinel interface for the first time:

Navigate to the Azure Portal at https://portal.azure.com and search for Azure Sentinel:

 

Connect to all your data using data connectors

 

To onboard Azure Sentinel, you first need to connect to your security sources. Azure Sentinel comes with a number of connectors for Microsoft solutions, available out of the box and providing real-time integration, including Microsoft Threat Protection solutions and Microsoft 365 sources such as Office 365, Azure AD, Azure ATP, Microsoft Cloud App Security and more.

In addition, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions. You can also use Common Event Format (CEF), Syslog or the REST API to connect your data sources to Azure Sentinel.

 

Workbooks: reporting and graphical representation of the raw logs ingested

 

After you have connected your data sources to Azure Sentinel, you can monitor the data using the Azure Sentinel integration with Azure Monitor Workbooks, which gives you a lot of flexibility in creating custom workbooks. Although workbooks are displayed inside Azure Sentinel, it is useful to learn how interactive reports are built with Azure Monitor Workbooks. Azure Sentinel lets you create custom workbooks across all of your data.

 

Analytics:

 

To help you reduce noise and minimize the number of alerts you have to review and investigate, Azure Sentinel uses analytics to correlate alerts into incidents. Incidents are groups of related alerts that together create an actionable possible threat that you can investigate and resolve.

 

Security Automation & Orchestration:

Automate your common tasks and simplify security orchestration with playbooks that integrate with Azure services as well as your existing tools. Built on the foundation of Azure Logic Apps, Azure Sentinel’s automation and orchestration solution provides a highly extensible architecture that enables scalable automation as new technologies and threats emerge.

 
Investigation:

Azure Sentinel’s deep investigation tools help you understand the scope of a potential security threat and find its root cause. You can choose an entity on the interactive graph to ask interesting questions about that specific entity, and drill down into the entity and its connections to get to the root cause of the threat.

 

Hunting:

Azure Sentinel’s powerful hunting search and query tools, based on the MITRE framework, enable you to proactively hunt for security threats across your organization’s data sources before an alert is triggered. After you discover which hunting query provides high-value insights into possible attacks, you can create custom detection rules based on that query and surface those insights as alerts to your security incident responders.
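As an added example (not from the original post), here is a hunting query of the kind described above, written in KQL against the SigninLogs table that the Azure AD connector populates; the 10-failure threshold and 1-day lookback are illustrative assumptions.

```kusto
// Added example, not from the original post. Hunting query: a burst of failed
// Azure AD sign-ins for one account from one IP address, followed by a
// successful sign-in for that account from the same IP address.
// Assumes the Azure AD data connector is populating the SigninLogs table.
// The failure threshold and lookback window are illustrative assumptions.
let lookback = 1d;
let failureThreshold = 10;
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"          // any non-zero ResultType is a failed sign-in
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
      by UserPrincipalName, IPAddress
    | where FailedCount >= failureThreshold;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"              // ResultType "0" is a successful sign-in
| join kind=inner failures on UserPrincipalName, IPAddress
| where TimeGenerated > LastFail       // the success came after the failure burst
| project TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName,
          FailedCount, FirstFail, LastFail
// Entity columns let Sentinel map the account and IP when the query is used in a rule
| extend AccountCustomEntity = UserPrincipalName, IPCustomEntity = IPAddress
```

Saved under Hunting, the query can be tagged with a MITRE tactic; once it proves useful it can be turned into a scheduled analytics rule so that matches surface as alerts and incidents.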

 

HOW CAN YOU MASTER AZURE SENTINEL HANDS-ON
https://www.udemy.com/course/azure-sentinel-hands-on-first-cloud-based-siem-soar/

In this exhaustive course I have given consideration to hands-on work from session one.
We will understand how to connect Check Point logs to Azure Sentinel, setting up a Syslog server,
Azure native connectors, and Sentinel architecture design best practices, both on-premises and in the Azure cloud.
