What is Microsoft Sentinel?

Microsoft Sentinel (formerly Azure Sentinel) is a scalable, cloud-based security information and event management (SIEM) solution that focuses on automation and response, and that also serves as a security orchestration, automation, and response (SOAR) tool.

Microsoft Sentinel provides intelligent security analysis and threat intelligence across the enterprise, providing a single, focused solution for attack detection, threat visibility, “proactive hunting” and responses to those threats.

Microsoft Sentinel gives a bird’s-eye view across your organization, easing the stress of increasingly sophisticated attacks, increasing alert volume, and long resolution timeframes.

Collect data at a cloud scale across all users, devices, applications and infrastructure, both on-premises and across multiple clouds.

Detect previously undetected threats and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.

Hunt down suspicious activities at scale, leveraging years of Microsoft cybersecurity work.

Respond to incidents rapidly with built-in scheduling and automation of common tasks.

Connecting corporate data

To onboard Microsoft Sentinel, you must first connect your security data sources.

Microsoft Sentinel comes with several connectors to Microsoft solutions, available "out of the box" and providing real-time integration. These include Microsoft 365 Defender (formerly Microsoft Threat Protection) and Microsoft 365 sources such as Office 365, Azure AD, Microsoft Defender for Identity (formerly Azure ATP), Microsoft Defender for Cloud Apps and more. Additionally, there are built-in connectors to the broader security ecosystem for non-Microsoft solutions. You can also use Common Event Format (CEF), Syslog or a REST API to connect your data sources to Microsoft Sentinel.


EXAMPLE:

One example is the AWS connector.

After setting up the connector you can pull AWS service logs into Microsoft Sentinel. The connector gives Microsoft Sentinel access to your AWS resource logs: setting it up establishes a trust relationship between AWS and Microsoft Sentinel, because you create an AWS role that grants Microsoft Sentinel permission to read the AWS logs.

This connector has two versions:


  1. The "old" (legacy) version, which interfaces with AWS CloudTrail and its data logs.
  2. A new version that interfaces with and pulls the logs directly from the S3 bucket:
  • VPC Flow Logs
  • GuardDuty
  • CloudTrail

The Microsoft Sentinel connector for AWS can also be configured using the ready-made setup scripts that Microsoft provides.

Security Automation and Orchestration

Microsoft Sentinel makes it possible to automate frequent tasks using Playbooks that interface with your existing Azure services and tools.

Built on the foundation of Azure Logic Apps, the Microsoft Sentinel automation and orchestration solution provides a scalable architecture that lets your automation grow as new technologies and threats emerge. To build playbooks with Azure Logic Apps, you can choose from a growing gallery of built-in playbooks. These include 200+ connectors for services such as Azure Functions.

The connectors allow you to apply any custom logic in code, ServiceNow, Jira, Zendesk, HTTP requests, Microsoft Teams, Slack, Windows Defender ATP, and Defender for Cloud Apps.

For example, if you use the ServiceNow ticketing system, you can use the tools available in Azure Logic Apps to automate your workflows and open a ticket in ServiceNow whenever a particular event is detected.

YouCC Technologies can accompany and advise you through the process of setting up Microsoft Sentinel, adding and defining connectors, connecting to AWS, and more, drawing on many years of experience in information security across the Microsoft 365 and Azure worlds.

So how can YouCC Technologies assist you and your organization?

Interested in your cloud security?

Looking for a company that will accompany you personally, professionally and without compromise? Let's talk!

Leave us your details so that we can get to know you, understand your needs and match you with the best service.
