Forum Discussion
Azure Sentinel vs. Azure LogAnalytics
Chris Boehm - Is it possible to do the work of Azure Sentinel, like creating events and analyzing them, by using Insights and Log Analytics? I know Azure Sentinel is a SIEM solution, but are there any capabilities in Insights and Log Analytics which Sentinel can do?
Please let me know if this answers your question.
Azure Monitor has capabilities to do the following:
- Detect and diagnose issues across applications and dependencies with Application Insights.
- Correlate infrastructure issues with Azure Monitor for VMs and Azure Monitor for Containers.
- Support operations at scale with smart alerts and automated actions.
- Create visualizations with Azure dashboards and workbooks.
So similar things can be accomplished, although the products are geared in different directions, as stated above.
Azure Sentinel sits on top of Log Analytics, which has similar features without the security enrichment offerings, such as the following examples:
- Wide-scale data collection across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
- Detect previously undetected threats, and minimize false positives using Microsoft's analytics and unparalleled threat intelligence.
- Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
- Respond to incidents rapidly with built-in orchestration and automation of common tasks.
The primary things that are different are the investigation and detections with AI, the incident management capabilities, and upcoming features like User and Entity Behavior Analytics and Threat Intelligence.
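As an added illustration of the "Sentinel sits on top of Log Analytics" point (this is example code, not part of the thread above or Microsoft's documentation): the detection logic in both products is a plain KQL query against the shared workspace. The query below flags accounts with repeated failed Azure AD sign-ins. It assumes the `SigninLogs` table is being ingested into the workspace (the Azure AD diagnostic setting that populates it is not discussed in the thread), that `ResultType` "0" denotes success, and that a threshold of 10 failures in an hour is a reasonable starting point for the environment; adjust that to your own baseline.

```kql
// Added example, not from the original thread.
// Assumes SigninLogs is ingested into the Log Analytics workspace
// and that ResultType "0" means a successful sign-in.
let lookback = 1h;
let failure_threshold = 10;   // assumed threshold; tune per environment
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"                       // keep only failed sign-ins
| summarize
    Failures = count(),
    SourceIPs = make_set(IPAddress),
    FirstFailure = min(TimeGenerated),
    LastFailure = max(TimeGenerated)
    by UserPrincipalName
| where Failures >= failure_threshold
| order by Failures desc
```

Saved as a Log Analytics scheduled alert rule, this query fires an Azure Monitor alert that an action group can route to email, a webhook or an automation runbook. Saved as a Sentinel scheduled analytics rule, the same query additionally produces an alert that Sentinel groups into an incident, maps `UserPrincipalName` and `IPAddress` to account and IP entities for the investigation graph, and hands to playbooks for automated response; that layer, rather than the query itself, is what the answer above calls the security enrichment.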