Azure Sentinel is Microsoft's cloud-native SIEM and SOAR. Say goodbye to a six-month SIEM setup and architecture project: get visibility into your environment right away, and use the rich ecosystem of connectors to extend that intelligence across your complete security suite.
On-demand session
Here is the link to attend the full session, on-demand: https://info.microsoft.com/AP-AzureSec-WBNR-FY20-10Oct-24-AzureSentinel-SRDEM10204_LP02OnDemandRegistration-ForminBody.html
Slides
Demos
Onboarding Sentinel and dashboards exploration
Security Investigations with Azure Sentinel
Additional resources:
- Sentinel Onboarding: https://docs.microsoft.com/en-us/azure/sentinel/quickstart-onboard
- Azure Sentinel Landing Page: https://azure.microsoft.com/en-sg/services/azure-sentinel/
- Connectors list: https://docs.microsoft.com/en-us/azure/sentinel/connect-data-sources
- Community GitHub: https://github.com/Azure/Azure-Sentinel
- Insecure protocol dashboards: https://blogs.technet.microsoft.com/jonsh/azure-sentinel-insecure-protocols-dashboard-setup/
- MITRE ATT&CK Detection rules: https://github.com/BlueTeamLabs/sentinel-attack/tree/master/detections
- Converting Sigma detection rules to KQL: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Importing-Sigma-Rules-to-Azure-Sentinel/ba-p/657097
- Hunting framework: https://github.com/wortell/AZSentinel and https://github.com/BlueTeamLabs/sentinel-attack
- Demo of F5 Big IP Integration with Azure Sentinel: https://www.youtube.com/watch?v=4uLoEW_l6EQ
As usual, happy to hear your feedback!