In this post, I will drive you into Microsoft Sentinel service and try to give you an idea of what this service is about and how can help you in your day-by-day work.
Microsoft Sentinel Software as a Service (SaaS) is an intelligent security service that integrates cloud security and artificial intelligence. MS Sentinel combines Security Information Event Management (SIEM) and Security Orchestration Automation Response (SOAR ) in one solution.
- SIEM : This solution is in charge of real-time capturing and handling security data from your cloud or on-premises systems and will alert you of any potential cyber-attacks or security breaches.
- SOAR : This solution takes the generated security alerts from the SIEM solution and, through AI functionality, understands the security issue and provides responses with processes to resolve it.
The main Microsoft Sentinel capabilities are:
- Collect Data : Aggregates data from users’ devices and apps hosted on the cloud or on-premises.
- Detect threats :Detect threats and minimize false positives with MS’s exceptional threat intelligence and analytics.
- Investigate threats with AI : Investigate possible dangers with AI services’ help and look for suspicious activity at scale.
- Respond to findings fast : With built-in orchestration and automation of typical processes, you can respond to incidents quickly.
Now that you’ve read about Microsoft Sentinel capabilities, let’s take a look at what they can do:
Microsoft Sentinel provide a wide range of OOB connectors, i.e. Azure AD, MS Defender for Cloud, MS 365 Defender, Windows security events, Amazon Web Services logs, G – Suite, etc.
|Info: The list includes about 124 data connectors, and this list keeps growing. For a detailed list with the support data connectors please, check this below: Find your Microsoft Sentinel data connector|
After connecting the data connectors to the data sources, Microsoft Sentinel starts collecting data, and you can select between 131 Workbooks templates to visualize your data and detect possible threat infections.
Investigate threats with AI/ML
With Microsoft Sentinel, you can investigate suspicious activity on a large scale using ML Fusion correlation engine. Operational efficiency is enhanced when enrichment and containment are automated.
Respond to findings fast
The response to finding facts feature of Microsoft Sentinel is the automatic reaction to recurring security incidents. This procedure aims to deal with the growing number of security alerts.
Microsoft Sentinel components
The list below includes Microsoft Sentinel components that enable consuming data, monitoring, alerting, hunting, investigating, responding, and interacting with different products, platforms, and services.
- Data Connectors : Microsoft Sentinel data connectors
- Parsers : Using the Advanced Security Information Model (ASIM) (Public preview)
- Workbooks : Visualize collected data
- Analytics rules : Detect threats out-of-the-box
- Hunting queries : Hunt for threats with Microsoft Sentinel
- Notebooks : Use Jupyter notebooks to hunt for security threats
- Watchlists : Use watchlists in Microsoft Sentinel
- Playbooks and Azure Logic Apps custom connectors : Automate threat response with playbooks in Microsoft Sentinel
Estimate Microsoft Sentinel costs
It is always wise to estimate the monthly or yearly fees associated with a new cloud service before utilizing it. So with Microsoft Sentinel, we can calculate and estimate the costs using the Microsoft Sentinel calculator. For more details about Microsoft Sentinel pricing, you can check this link Microsoft Sentinel pricing.
In summary, Microsoft Sentinel provides enterprise-wide threat intelligence and security analytics. As a solution, it provides several features, such as proactive threat detection, hunting, and response. Combining the above with other Azure services, i.e., Logic Apps, enhances the ability to detect, investigate, report and respond to threats, improving the security of your cloud or on-premises environments.