Microsoft Sentinel and Its Components - PowerPoint PPT Presentation

About This Presentation
Title:

Microsoft Sentinel and Its Components

Description:

Microsoft Sentinel, previously known as Azure Sentinel, is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) service used by security operations analysts to gather log data from many sources and produce security insights for the organization. – PowerPoint PPT presentation


Transcript and Presenter's Notes

Title: Microsoft Sentinel and Its Components


1
Microsoft Sentinel and Its Components
www.infosectrain.com sales@infosectrain.com
3
Table of Contents
What is Microsoft Sentinel?
Components of Microsoft Sentinel
Stages of Microsoft Sentinel

What is Microsoft Sentinel?
Microsoft Sentinel, previously known as Azure Sentinel, is a cloud-native SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) service used by security operations analysts to gather log data from many sources and produce security insights for the organization. Microsoft Sentinel uses Microsoft threat intelligence and machine learning to detect and investigate threats and suspicious activity quickly. It responds to detected threats through automation rules and playbooks, reducing the manual work needed to keep the organization safe. It combines alert detection, proactive hunting, threat visibility and threat response in a single solution. Microsoft Sentinel does not manage your on-premises servers, devices and applications; it collects and analyzes the telemetry they produce, on-premises and across clouds.
4
Components of Microsoft Sentinel
5
  1. Data Connectors. Microsoft Sentinel ships with built-in
     connectors for Microsoft services (for example Microsoft
     Entra ID sign-in and audit logs, Microsoft 365 and
     Microsoft Defender products, and Azure Activity) that
     stream data into the workspace in near real time.
     Non-Microsoft products connect through standard
     mechanisms such as Syslog and CEF forwarding, REST
     APIs and partner-built connectors, so the wider
     security ecosystem can feed the same workspace.
  2. Workbooks. Once data sources are connected, you can
     monitor the data through Microsoft Sentinel's
     integration with Azure Monitor workbooks. Sentinel lets
     you build custom workbooks on your own data and also
     provides pre-built workbook templates and packaged
     solutions for visualizing Sentinel data.
  3. Analytics. Microsoft Sentinel uses analytics rules to
     turn matching log data into alerts and to group related
     alerts into incidents that are surfaced to security
     responders. Scheduled rules are written in Kusto Query
     Language (KQL), so analysts can author custom
     detections alongside the many built-in rule templates.
     Alerts from Microsoft sources such as Microsoft
     Defender for Cloud Apps (formerly Cloud App Security)
     and Microsoft Defender for Identity (formerly Azure
     ATP) can be promoted to incidents directly through
     Microsoft security rules.
  4. Playbooks. Playbooks integrate with Microsoft services
     and existing tools to automate and simplify security
     orchestration. A playbook is a set of procedures run in
     response to a Sentinel alert or incident; it is built on
     Azure Logic Apps and is triggered manually or by an
     automation rule. Playbooks are designed to automate
     and simplify repetitive tasks such as enrichment,
     investigation and response for SOC engineers and
     analysts.
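The Analytics item above says scheduled rules are written in KQL and correlate raw events into alerts. The following is an added example, not code from the original presentation or from Microsoft: it shows the KQL an analyst would paste into a scheduled rule to catch a password spray, and runs the same logic in plain Python over a constructed SigninLogs-style sample so the thresholds can be exercised offline. Column names follow the Microsoft Entra ID SigninLogs table; the one-hour window, the ten-account threshold and all accounts and addresses are assumptions made for the example.

```python
"""Prototype of a Sentinel scheduled analytics rule: password spray.

Added example, not from the original presentation. It mirrors the KQL an
analyst would paste into a Sentinel analytics rule and runs the same logic in
plain Python over a constructed SigninLogs-style sample, so it can be tried
offline. Column names follow the Microsoft Entra ID SigninLogs table; the
1-hour window and the 10-account threshold are assumptions for the example.
"""
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Reference only: the equivalent KQL for the scheduled rule in Sentinel.
KQL_RULE = """
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType == "50126"   // invalid username or password
| summarize FailedAccounts = dcount(UserPrincipalName),
            Attempts = count(),
            Accounts = make_set(UserPrincipalName, 25)
    by IPAddress, bin(TimeGenerated, 1h)
| where FailedAccounts >= 10
"""


def _ev(ts, user, ip, result):
    return {"TimeGenerated": ts, "UserPrincipalName": user,
            "IPAddress": ip, "ResultType": result}


# Constructed sample events (not real data); IPs are from documentation ranges.
SAMPLE_SIGNINS = (
    # spray: one source, twelve different accounts, one failure each, inside 10:00-10:59
    [_ev(f"2024-05-01T10:{i:02d}:00+00:00", f"user{i}@contoso.com", "203.0.113.7", "50126")
     for i in range(12)]
    # the same source retries user0 and later succeeds against user3
    + [_ev("2024-05-01T10:30:00+00:00", "user0@contoso.com", "203.0.113.7", "50126"),
       _ev("2024-05-01T10:45:00+00:00", "user3@contoso.com", "203.0.113.7", "0")]
    # benign: one user mistyping her password three times from the office
    + [_ev(f"2024-05-01T10:{10 + i:02d}:00+00:00", "alice@contoso.com", "198.51.100.5", "50126")
       for i in range(3)]
    # the spray continuing into the next hour, below threshold
    + [_ev(f"2024-05-01T11:{i:02d}:00+00:00", f"user{i}@contoso.com", "203.0.113.7", "50126")
       for i in range(4)]
)


def detect_password_spray(events, window=timedelta(hours=1), min_accounts=10,
                          failure_codes=("50126",)):
    """Return one alert per (source IP, time bin) whose distinct failed accounts
    reach min_accounts. Counting distinct accounts (dcount) rather than raw
    attempts is what separates a spray from one user mistyping a password."""
    window_secs = int(window.total_seconds())
    buckets = defaultdict(lambda: {"attempts": 0, "accounts": set()})
    for e in events:
        if e["ResultType"] not in failure_codes:
            continue  # successes and other error codes are not spray evidence
        secs = int(datetime.fromisoformat(e["TimeGenerated"]).timestamp())
        # same floor-to-window behaviour as KQL bin(TimeGenerated, 1h)
        bin_start = datetime.fromtimestamp(secs - secs % window_secs, tz=timezone.utc)
        b = buckets[(e["IPAddress"], bin_start)]
        b["attempts"] += 1
        b["accounts"].add(e["UserPrincipalName"])

    alerts = []
    for (ip, bin_start), b in sorted(buckets.items(), key=lambda kv: (kv[0][1], kv[0][0])):
        if len(b["accounts"]) >= min_accounts:
            alerts.append({
                "IPAddress": ip,
                "BinStart": bin_start.isoformat(),
                "FailedAccounts": len(b["accounts"]),
                "Attempts": b["attempts"],
                "Accounts": sorted(b["accounts"])[:25],
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_SIGNINS):
        print(alert)
```

Run as-is, the sample produces a single alert for 203.0.113.7 in the 10:00 bin (12 distinct accounts, 13 attempts); the office user's three failures and the attacker's four attempts in the next hour stay below threshold. In Sentinel the same KQL would be saved as a scheduled rule with entity mapping for IPAddress and the Accounts set, so the resulting incident opens with those entities already attached.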

6
  • 5. Community. The Microsoft Sentinel community is a
     GitHub repository (Azure/Azure-Sentinel) that collects
     data sources for threat intelligence and automation.
     Sample hunting queries, analytics rules, playbooks,
     workbooks and other resources are published there, and
     users can adapt them to set up detections and respond
     to threats in their own environments.
  • 6. Workspace. A workspace, specifically a Log Analytics
     workspace, is the storage location for collected data
     and configuration settings. Microsoft Sentinel is
     enabled on a workspace and stores the data gathered
     from all connected sources there. You can create a new
     workspace for Sentinel or enable it on an existing one.
  • 7. Dashboard. Microsoft Sentinel's overview dashboard
     visualizes data from multiple connected sources in one
     place, so the security team can better understand the
     events those sources generate and see rule activity at
     a glance. It has the following characteristics:
  • Machine learning
  • Rule management
  • Resource analysis for a single machine





7
  1. Investigation. The investigation capabilities in
     Microsoft Sentinel help you determine the scope of a
     potential security incident and find its root cause.
     You select an incident to open the investigation graph,
     which links the alerts and the entities involved
     (accounts, hosts, IP addresses and so on). An incident
     gathers all the relevant evidence for a single
     investigation.
  2. Hunting. Hunting covers manual, proactive investigation
     to uncover threats across your organization's data
     sources before an alert or incident is raised.
     Microsoft Sentinel provides built-in hunting queries
     mapped to the MITRE ATT&CK framework, and analysts
     write their own hunting queries in KQL (Kusto Query
     Language). Interesting results can be bookmarked and
     promoted to incidents.
  3. Notebooks. Microsoft Sentinel integrates Jupyter
     notebooks hosted in Azure Machine Learning workspaces,
     which come with a collection of libraries for machine
     learning, visualization and data analysis. A notebook
     can query Sentinel data, look for malicious activity
     and present security-specific views and actions. A
     notebook is a browser-based application that combines
     runnable code with live visualizations.
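The Investigation and Hunting items above describe pivoting from an incident's entities to everything connected to them. The following is an added example, not code from the original presentation or from Microsoft: it builds an entity graph from two constructed log samples (successful sign-ins in SigninLogs terms and Windows 4624 logons in SecurityEvent terms) and walks outward from a seed account to report the incident's reach within a chosen number of hops, which is the idea behind Sentinel's investigation graph. The accounts, hosts, addresses and the hop limit are all invented for the example.

```python
"""Entity-graph scoping, the idea behind Sentinel's investigation graph.

Added example, not code from the original presentation or from Microsoft.
Two constructed log samples (SigninLogs-style successful sign-ins and
SecurityEvent-style 4624 logons) are turned into a graph of typed entities
(account, ip, host), and a breadth-first walk from an incident's seed entity
reports everything reachable within a chosen number of hops. Names, hosts
and IPs are invented; the hop limit is an assumption.
"""
from collections import defaultdict, deque

# Constructed successful sign-ins (ResultType 0 in SigninLogs terms).
SIGNINS = [
    {"UserPrincipalName": "user3@contoso.com", "IPAddress": "198.51.100.9"},  # user3 from home
    {"UserPrincipalName": "user3@contoso.com", "IPAddress": "203.0.113.7"},   # user3 from the spray source
    {"UserPrincipalName": "user8@contoso.com", "IPAddress": "203.0.113.7"},   # another account, same source
    {"UserPrincipalName": "alice@contoso.com", "IPAddress": "198.51.100.5"},  # unrelated office user
]

# Constructed Windows logon events (EventID 4624) from SecurityEvent.
LOGONS = [
    {"Account": "user8@contoso.com", "Computer": "SRV-FILE01", "IpAddress": "203.0.113.7"},
    {"Account": "alice@contoso.com", "Computer": "WS-ALICE", "IpAddress": "198.51.100.5"},
]


def build_entity_graph(signins, logons):
    """Undirected graph: node -> {neighbour: evidence}. Node ids are 'type:value'."""
    graph = defaultdict(dict)

    def link(a, b, evidence):
        graph[a][b] = evidence
        graph[b][a] = evidence

    for s in signins:
        link(f"account:{s['UserPrincipalName']}", f"ip:{s['IPAddress']}", "SigninLogs")
    for e in logons:
        acct, host, ip = f"account:{e['Account']}", f"host:{e['Computer']}", f"ip:{e['IpAddress']}"
        link(acct, host, "SecurityEvent 4624")
        link(ip, host, "SecurityEvent 4624")
    return graph


def scope_incident(graph, seed, max_hops=2):
    """Breadth-first expansion from the seed entity.
    Returns {entity: hops_from_seed} for every entity within max_hops, which is
    the blast radius an analyst reviews before widening the search further."""
    if seed not in graph:
        return {seed: 0}
    hops = {seed: 0}
    queue = deque([seed])
    while queue:
        node = queue.popleft()
        if hops[node] >= max_hops:
            continue  # stop expanding at the hop limit to keep the scope reviewable
        for neighbour in graph[node]:
            if neighbour not in hops:
                hops[neighbour] = hops[node] + 1
                queue.append(neighbour)
    return hops


if __name__ == "__main__":
    g = build_entity_graph(SIGNINS, LOGONS)
    for entity, distance in sorted(scope_incident(g, "account:user3@contoso.com").items(),
                                   key=lambda kv: (kv[1], kv[0])):
        print(distance, entity)
```

Seeded with user3, the two-hop scope reaches both IPs user3 signed in from, then user8 and SRV-FILE01 through the shared attacker address, while alice's cluster is untouched; raising max_hops widens the net, and in practice an analyst would also exclude hub entities such as a corporate NAT address before expanding.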





8
Stages of Microsoft Sentinel




9
  1. Data collection at cloud scale. Microsoft Sentinel is
     a service hosted entirely in the cloud. Built on Log
     Analytics, it collects data about users, servers,
     workstations, devices, applications and
     infrastructure, both on-premises and across multiple
     clouds. Connectors for Microsoft and third-party
     solutions let you bring data from other clouds into the
     same workspace.
  2. Detect previously unidentified threats. Microsoft
     Sentinel uses Microsoft's analytics, machine learning
     and threat intelligence to identify and analyze
     previously unknown threats while reducing false
     positives. It provides built-in templates for creating
     threat detection rules and for automating threat
     responses out of the box.
  3. Investigate threats with artificial intelligence.
     Microsoft Sentinel uses artificial intelligence and
     machine learning to investigate threats and hunt for
     suspicious activity at scale. It visualizes the full
     extent of an attack and its impact in the investigation
     graph, and uses the MITRE ATT&CK framework to reduce
     noise and focus attention on real security issues.
  4. Respond rapidly to incidents. With built-in
     orchestration and automation of common tasks through
     automation rules and playbooks, Microsoft Sentinel
     responds quickly to incidents as they occur, addressing
     the risks to minimize their impact.





10
Microsoft Sentinel with InfosecTrain
Microsoft Azure is the second-largest cloud computing
platform in the world, and it is expanding rapidly. If
you are interested in learning more about Microsoft
Sentinel, you can enroll in InfosecTrain's Microsoft
Sentinel training course, which covers the fundamentals
of Microsoft Sentinel, including its components and
functionality. InfosecTrain is a prominent security and
technology training and consulting firm specializing in
information security and cloud security services.




11
About InfosecTrain
  • Established in 2016, we are one of the finest
    Security and Technology Training and Consulting
    companies
  • Wide range of professional training programs,
    certifications and consulting services in the IT
    and Cyber Security domain
  • High-quality technical services, certifications
    and customized training programs curated by
    professionals with over 15 years of combined
    experience in the domain

12
Our Endorsements
13
Why InfosecTrain
Global Learning Partners
Access to the recorded sessions
Certified and Experienced Instructors
Flexible modes of Training
Tailor Made Training
Post training completion
14
Our Trusted Clients
16
Contact us
Get your workforce reskilled by our certified and
experienced instructors!
IND 1800-843-7890 (Toll Free) / US +1 657-221-1127 / UK +44 7451 208413
sales@infosectrain.com
www.infosectrain.com