SOLVED

Sentinel vs CloudAppSecurity for AWS CloudTrails


There is some overlap for CloudTrail alerts in MS CAS and Azure Sentinel. Is it possible to get some comparison of features and possible roadmaps for the products?

1 Reply
Solution

Hi @vadymvedmedenko ,


Thank you for the question. There is some overlap of AWS CloudTrail detections between both products, but it's very minimal.

At a high level, MCAS has features such as providing recommendations for security configurations and setting up and controlling cloud apps with policies. On the other hand, Azure Sentinel does not have those but has the added advantage of correlating with third-party data sources such as firewalls, network devices, and commercial EDRs for hunting and analytics across various phases of attacks, getting insights into data via workbooks, and remediation/SOAR capabilities with playbooks. I will reach out to the MCAS team to consider publishing something highlighting the features of both products.

Product roadmaps are generally shared with customers under NDA. Let me know if that is the case and I will connect you with relevant teams/persons.


Happy to answer any additional questions you have regarding Sentinel AWS detections.