Azure Sentinel: the future of Cloud Security Monitoring

As IT becomes more strategic, keeping your environment secure on a daily basis becomes increasingly important. Microsoft’s Azure Sentinel is a fully Cloud-native SIEM that delivers security analytics and threat intelligence in a single solution. A Security Information and Event Management (SIEM) tool is designed to collect and analyse data to help identify and mitigate threats, ensuring your IT environment is kept safe!

During the event, Transparity’s Security Technical Lead will delve into how your business can leverage the features and benefits of Azure Sentinel. We’ll talk you through why Azure Sentinel is different to other SIEMs and give an overview of its architecture. We will then share insight on Data Connectors and how to use Workbooks to visualise data, look at Analytics Rules as well as UEBA and SOAR capabilities, and finally discuss Threat Hunting and the underlying Log Analytics Workspace.

Agenda

  • 10:00  Introductions and overview of Transparity
  • 10:15  Introduction to Azure Sentinel and why it is different to other SIEMs
  • 10:20  Data Connectors, including how to add 3rd party connectors from GitHub
  • 10:35  How to use Workbooks to visualise data
  • 10:45  Analytics Rules, the various types and an overview of the Kusto Query Language (KQL)
  • 11:00  User and Entity Behavior Analytics (UEBA), and Security Orchestration, Automation and Response (SOAR) capabilities
  • 11:10  Threat Hunting and the underlying Log Analytics Workspace (LAW)
  • 11:30  Q&A and close