Integration of Azure Sentinel

Hi everyone,

I've discovered Sentinel recently, hence why I have some basic questions. Here they are:

I would like to know in a practical way how Sentinel fits into the architecture of a company? Is there any video available on this?

I mean how is the solution able to know the infrastructure within which it is added?

How does Sentinel get to know users in a particular department of the company (which later allows this SIEM solution to determine an anomaly when a person from the sales department connects to a position in the legal department, for example)?

Also, how much time does it take to complete a project of adopting Azure Sentinel in an enterprise? I understand it might depend on the IT architecture of the corporation, but I would like to have an estimate.

Thanks in advance

2 Replies

@Larissa_ADEGBIDI For most of your questions, I recommend reading the Azure Sentinel Ninja training: https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete-le...

In a nutshell, everything that Azure Sentinel knows depends on the data it is ingesting via data connectors. There is always going to be a balance between having the needed data and having to pay for all that data.

In regard to how much time it would take, I'll give the typical consultant answer: it depends :) It will depend a lot on what data you want to ingest (and where it is located: Azure, on-prem, elsewhere), what rules will need to be created to use this data (although Azure Sentinel has a lot of rule templates, they do not cover every possible data source), custom workbooks and playbooks, and how much training is needed (are you going to be doing the maintaining, monitoring, and investigation, or let a Managed Service Provider handle it?).
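
To make the "it only knows what it ingests" point concrete for the sales-versus-legal question above, here is an added KQL example (not part of the thread, not Microsoft's own rule template) of a scheduled analytics query that flags successful sign-ins to an application owned by a department other than the user's. The user's department is assumed to come from the IdentityInfo table (populated when the UEBA / identity sync is enabled), and the application-to-department mapping is assumed to live in a custom watchlist called AppOwnership with columns AppDisplayName and OwnerDepartment; both the watchlist name and its columns are constructed for this example.

```kusto
// Added example: cross-department sign-in detection for Azure Sentinel.
// Sentinel has no built-in notion of "department": both lookups below only
// return rows if that data has actually been ingested into the workspace.

// Assumed watchlist (constructed for this example): which department owns each app.
let AppOwner = _GetWatchlist('AppOwnership')
    | project AppDisplayName, OwnerDepartment;

// Latest known department per user, from the IdentityInfo table (UEBA / Entra ID sync).
let UserDept = IdentityInfo
    | where TimeGenerated > ago(14d)
    | summarize arg_max(TimeGenerated, Department) by AccountUPN
    | project AccountUPN, UserDepartment = Department;

SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType == "0"                       // successful sign-ins only
| project TimeGenerated, UserPrincipalName, AppDisplayName, IPAddress
| join kind=inner UserDept on $left.UserPrincipalName == $right.AccountUPN
| join kind=inner AppOwner on AppDisplayName
| where UserDepartment != OwnerDepartment       // e.g. Sales user -> Legal-owned app
| summarize SignIns = count(),
            Apps = make_set(AppDisplayName),
            SourceIPs = make_set(IPAddress),
            FirstSeen = min(TimeGenerated)
    by UserPrincipalName, UserDepartment, OwnerDepartment
```

Scheduled hourly as an analytics rule, this produces one incident per user and department pair; if the IdentityInfo connector or the watchlist is missing, the joins simply return nothing, which is exactly the data-dependency Gary describes.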

Thanks Gary Bushey!