Introduction to Azure Sentinel

What is Azure Sentinel?

Microsoft Azure Sentinel is a cloud-native security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the business. It provides a single solution for attack detection, threat visibility, proactive hunting, and threat response.

Azure Sentinel is your single view across the business, alleviating the strain of attacks, growing alert volumes and long resolution time frames.

Microsoft Azure Sentinel works through the following stages, in order:

  • Collect data at cloud scale across users, devices, and applications, both on site and in multiple clouds.
  • Detect previously undetected threats and minimise false positives using Microsoft's analytics and threat intelligence.
  • Investigate threats with artificial intelligence and hunt for suspicious activities at scale, tapping into years of cybersecurity work at Microsoft.
  • Respond to incidents rapidly with built-in automation of common tasks.

Types of Azure Sentinel Solutions

Azure Sentinel currently offers packaged content solutions. Each solution bundles one or more data connectors, workbooks, analytics rules, playbooks, hunting queries, watchlists and other components for Azure Sentinel.

Two other types of solution are also offered at this time:

  • Integrations – services or tools built on Azure Sentinel that let customers integrate their existing applications with Sentinel, or migrate data and queries from existing applications to Azure Sentinel.
  • Service offerings – listings of managed services specifically for Azure Sentinel.

Why choose Microsoft Azure Sentinel Solutions?

  • Users can discover packaged content and integrations that deliver value for a product or industry vertical with Azure Sentinel.
  • Users can deploy content in a single step and enable it to get started.

Connecting to data

To get started with Azure Sentinel, you first need to connect your security sources. Azure Sentinel ships with many connectors for Microsoft solutions, providing real-time integration. These include Microsoft 365 Defender solutions (such as Microsoft Cloud App Security) and Microsoft sources such as Office 365, Azure AD, Microsoft Defender for Identity and many more.

Microsoft Sentinel incorporates proven foundations such as Log Analytics and Logic Apps. It enhances your investigation with AI and provides Microsoft threat intelligence, whilst enabling you to bring your own threat intelligence. There are built-in connectors to the wider security ecosystem for non-Azure solutions, and you may also use Common Event Format (CEF), Syslog or the REST API to connect your data sources to Microsoft Sentinel.
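As an added illustration of the REST API path (not code from the original article or from risual), the following Python builds a signed request for the Log Analytics HTTP Data Collector API, which is how custom JSON events from a non-Microsoft source land in the workspace behind Sentinel. The workspace ID, shared key and sample firewall events are constructed placeholders; the signing scheme shown is the one the 2016-04-01 endpoint uses (the newer Logs Ingestion API has since superseded it).

```python
import base64
import datetime
import hashlib
import hmac
import json

# Constructed placeholders: a real workspace ID is a GUID and the shared key is
# the workspace's primary key (base64), taken from its "Agents management" blade.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"example-key-not-a-real-one").decode()
CUSTOM_LOG_TYPE = "FirewallEvents"  # lands in the FirewallEvents_CL custom table

# Constructed sample events: two records from a non-Microsoft firewall.
SAMPLE_EVENTS = [
    {"TimeGenerated": "2022-03-01T10:15:00Z", "src_ip": "10.0.0.5",
     "dst_ip": "203.0.113.7", "dst_port": 445, "action": "deny"},
    {"TimeGenerated": "2022-03-01T10:15:02Z", "src_ip": "10.0.0.9",
     "dst_ip": "198.51.100.2", "dst_port": 443, "action": "allow"},
]

def string_to_sign(content_length, rfc1123_date):
    """Canonical string the Data Collector API signs: method, length, type, date, path."""
    return ("POST\n" + str(content_length) + "\napplication/json\n"
            + "x-ms-date:" + rfc1123_date + "\n/api/logs")

def build_authorization(workspace_id, shared_key, content_length, rfc1123_date):
    """HMAC-SHA256 over the canonical string, keyed with the base64-decoded shared key."""
    digest = hmac.new(base64.b64decode(shared_key),
                      string_to_sign(content_length, rfc1123_date).encode("utf-8"),
                      hashlib.sha256).digest()
    return "SharedKey " + workspace_id + ":" + base64.b64encode(digest).decode()

def build_request(events, workspace_id=WORKSPACE_ID, shared_key=SHARED_KEY,
                  log_type=CUSTOM_LOG_TYPE, rfc1123_date=None):
    """Return (url, headers, body) for the POST; hand them to any HTTP client."""
    body = json.dumps(events).encode("utf-8")
    if rfc1123_date is None:  # the date must be RFC 1123 and current
        now = datetime.datetime.now(datetime.timezone.utc)
        rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_authorization(workspace_id, shared_key, len(body), rfc1123_date),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
        "time-generated-field": "TimeGenerated",  # use each event's own timestamp
    }
    url = "https://" + workspace_id + ".ods.opinsights.azure.com/api/logs?api-version=2016-04-01"
    return url, headers, body
```

Each record becomes a row in the FirewallEvents_CL table, with columns suffixed by type (for example src_ip_s, dst_port_d), which analytics rules and hunting queries can then search.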

Please download our IT Landscape Report 2022 – risual to find out more about Azure Sentinel.
