Forum Discussion
Azure Sentinel vs. Azure LogAnalytics
Azure Sentinel is a cloud-native SIEM that provides intelligent security analytics for your entire enterprise at cloud scale. Get limitless cloud speed and scale to help focus on what really matters. Easily collect data from all your cloud or on-premises assets, Office 365, Azure resources, and other clouds. Effectively detect threats with built-in machine learning from Microsoft’s security analytics experts. Automate threat response, using built-in orchestration and automation playbooks.
Azure Monitor, which now includes Log Analytics and Application Insights, provides sophisticated tools for collecting and analyzing telemetry that allow you to maximize the performance and availability of your cloud and on-premises resources and applications. It helps you understand how your applications are performing and proactively identifies issues affecting them and the resources they depend on.
Chris Boehm - Is it possible to do the work of Azure Sentinel, like creating events and analyzing them, by using Insights and Log Analytics? I know Azure Sentinel is a SIEM solution, but are there any capabilities of Insights and Log Analytics which Sentinel can do?
- Chris Boehm, May 07, 2020, Microsoft
Please let me know if this answered your question:
Azure Monitor has capabilities to do the following:
- Detect and diagnose issues across applications and dependencies with Application Insights.
- Correlate infrastructure issues with Azure Monitor for VMs and Azure Monitor for Containers.
- Support operations at scale with smart alerts and automated actions.
- Create visualizations with Azure dashboards and workbooks.
So similar things can be accomplished although the products are geared in different directions as stated above.
Azure Sentinel is sitting on top of Log Analytics, which will have similar features without the security enrichment offerings, like some of the following examples:
- Wide scale data collection across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
- Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
- Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
- Respond to incidents rapidly with built-in orchestration and automation of common tasks.
Primary things that are different are the investigation and detections with AI, incident management capabilities, and upcoming features like User and Entity Behavior Analytics and Threat Intelligence.