Mar 14 2023 09:06 AM - edited Mar 14 2023 11:50 AM
For this episode, your opportunity to win a plush ninja cat is the following -
Reply to this thread with: what was your favorite feature Javier presented? Oh and what does UEBA stand for?
This offer is non-transferable and cannot be combined with any other offer. This offer ends on April 14th, 2023, or until supplies are exhausted and is not redeemable for cash. Taxes, if there are any, are the sole responsibility of the recipient. Any gift returned as non-deliverable will not be re-sent. Please allow 6-8 weeks for shipment of your gift. Microsoft reserves the right to cancel, change, or suspend this offer at any time without notice. Offer void in Cuba, Iran, North Korea, Sudan, Syria, Region of Crimea, Russia, and where prohibited.
Mar 14 2023 09:23 AM
UEBA stands for User and Entity Behavior Analytics. My favourite feature is the analytics rules.
@HeikeRitter a lot to like: aggregated data, analytics, alerts, automated response, but I appreciate the alerting on incidents. Knowing you have a problem is key to thoughtful response and automating fixes.
Mar 14 2023 09:33 AM
My favorite features were automation and Sentinel having not only data connectors for Microsoft services but also for Amazon and other third parties.
And UEBA is the abbreviation of User and Entity Behavior Analytics.
@HeikeRitter
Favourite Features:
UEBA stands for User and Entity Behaviour Analytics.
Based on the data collected by Sentinel (logs/alerts), Sentinel creates a baseline profile for entities.
These baseline profiles can then be utilised by Sentinel to detect anomalies (like a login from a new/suspicious location).
Mar 14 2023 09:37 AM
UEBA = User and Entity Behavior Analytics. Favourite part was the "next steps" in the Data Connectors section. Been using Sentinel for a while now and did not know about this! Thanks Javier!
Looking forward to the next show, @HeikeRitter.
Cheers!
Mar 14 2023 09:37 AM
@HeikeRitter
My favourite feature is Hunting; it's a powerful feature that can return a lot of data, which helps provide extra insight and information when looking at an incident.
UEBA means User and Entity Behavior Analytics; some call it User Entity and Behavior Analytics.
Mar 14 2023 09:37 AM - edited Mar 14 2023 09:46 AM
@HeikeRitter and Javier, great show! I liked seeing the playbook templates. I had not seen them before. It's great how you can filter them to find what you need, then configure them in the Logic App creator. Nice!
UEBA is User and Entity Behavior Analytics.
Mar 14 2023 09:38 AM
Hello,
My favorite features were the automation rules & the playbooks.
UEBA means User and Entity Behaviour Analytics.
Thank you
Mar 14 2023 10:32 AM
Hi, thank you for your great video 🙂
In this video part, I've understood that there are many data connectors in Sentinel, NOT ONLY FOR Microsoft solutions.
It can help every user to ingest logs into Sentinel; it's so EASY!!
And, in Sentinel, there are many detection mechanisms like ML and TI.
Through creating Fusion rules, Sentinel can detect advanced threats.
Admins can see the detection overview on the MITRE ATT&CK page; based on this, admins can understand the attack techniques that are happening NOW!
Sentinel has soooo many features to realize a Modern SOC for every company.
Hello Heike, great show! Thank you for having Javier on.
UEBA == User and Entity Behavior Analytics
UEBA uses Artificial Intelligence (AI) and Machine Learning (ML) algorithms to
establish user and entity baselines and then monitor/identify anomalies, impossible travel,
and/or any other inconsistent behaviors from the established baselines. It originated in FinTech as a means to minimize credit card fraud.
SOAR == Security Orchestration, Automation, and Response. It is needed as SOC analysts have to do more with less. SOAR can also reduce alert fatigue in analysts by handling common activities/alerts and, when a certain threshold is exceeded, alerting the SOC analyst to events they should really focus on. This is a critical capability.
One of my favorite features of Sentinel is the Fusion analytic correlation engine that uses tens of trillions of signals (daily) with AI/ML to produce low-noise, high-fidelity alerts. This dynamic content feeding Sentinel raises the bar from static on-premises manual processes into a continuous cloud-powered platform!
I particularly like how Sentinel can bring in visibility from other Defender security solutions, cloud providers, and on-premises infrastructure via Azure Arc and provide dashboards with dynamic displays in a single pane of glass. I also like how Kusto Query Language (KQL) can be used in M365 Defender, Sentinel, Log Analytics, and Azure Data Explorer. One common language used to deeply explore, enrich, and correlate information across various Azure security solutions (MDE, MDI, MDC, MDO, etc.).
Lastly the automation demonstration through logic apps and the Microsoft 365 Defender connector in Sentinel was great! This cross-functional integration of telemetry woven into and through the Azure security solution stack is impressive and very useful when it comes to event/alert enrichment, correlation, thus illuminating the operational environment folks are responsible for defending.
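Two of the replies above describe how UEBA works: a per-entity baseline is learned from the collected logs, and later activity is scored against it for a new/suspicious location, unusual hours or impossible travel. The following is an added example written for this thread (not code from the show, from Microsoft Sentinel, or from any participant) that implements that baseline-and-score logic in plain Python over constructed sign-in events. Sentinel's own UEBA engine is closed and far more elaborate; the event fields, the 900 km/h impossible-travel threshold and the ±1 hour tolerance are assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime
from math import asin, cos, radians, sin, sqrt

# Constructed sample sign-in events (not taken from the page).
# Each tuple: (user, ISO-8601 timestamp in UTC, country, latitude, longitude)
BASELINE_EVENTS = [
    ("alice", "2023-03-01T08:05:00", "NL", 52.37, 4.90),
    ("alice", "2023-03-02T09:12:00", "NL", 52.37, 4.90),
    ("alice", "2023-03-03T08:47:00", "NL", 52.37, 4.90),
    ("alice", "2023-03-06T10:02:00", "NL", 52.37, 4.90),
    ("bob", "2023-03-01T22:15:00", "US", 47.61, -122.33),
    ("bob", "2023-03-02T23:40:00", "US", 47.61, -122.33),
    ("bob", "2023-03-03T21:05:00", "US", 37.77, -122.42),
]

NEW_EVENTS = [
    ("alice", "2023-03-13T08:30:00", "NL", 52.37, 4.90),    # normal for alice
    ("alice", "2023-03-13T09:10:00", "BR", -23.55, -46.63), # new country, 40 min after NL
    ("bob", "2023-03-13T03:00:00", "US", 47.61, -122.33),   # bob never signs in at 03:00
]


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres between two WGS84 points."""
    lat1, lon1, lat2, lon2 = map(radians, (lat1, lon1, lat2, lon2))
    dlat, dlon = lat2 - lat1, lon2 - lon1
    a = sin(dlat / 2) ** 2 + cos(lat1) * cos(lat2) * sin(dlon / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(a))


def build_baseline(events):
    """Learn, per user: the countries seen, the hours of day seen, and the last position."""
    baseline = defaultdict(lambda: {"countries": set(), "hours": set(), "last": None})
    for user, ts, country, lat, lon in sorted(events, key=lambda e: e[1]):
        when = datetime.fromisoformat(ts)
        b = baseline[user]
        b["countries"].add(country)
        b["hours"].add(when.hour)
        b["last"] = (when, lat, lon)
    return baseline


def score_event(baseline, event, max_speed_kmh=900.0):
    """Return the list of reasons this event deviates from the user's baseline (empty if none)."""
    user, ts, country, lat, lon = event
    when = datetime.fromisoformat(ts)
    b = baseline[user]  # an unseen user gets an empty baseline, so everything is new
    reasons = []
    if country not in b["countries"]:
        reasons.append("new country")
    # Tolerate +/-1 hour around any hour seen during learning (wraps at midnight).
    if not any((when.hour - h) % 24 in (0, 1, 23) for h in b["hours"]):
        reasons.append("unusual hour")
    if b["last"] is not None:
        prev_when, plat, plon = b["last"]
        hours = (when - prev_when).total_seconds() / 3600.0
        dist = haversine_km(plat, plon, lat, lon)
        if hours > 0 and dist / hours > max_speed_kmh:
            reasons.append("impossible travel")
    # Only the position pointer moves; the learned sets are not updated here, so an
    # anomalous sign-in does not silently become part of the baseline.
    b["last"] = (when, lat, lon)
    return reasons


def detect(baseline_events, new_events):
    """Build the baseline from history, then score new events in time order."""
    baseline = build_baseline(baseline_events)
    findings = []
    for event in sorted(new_events, key=lambda e: e[1]):
        reasons = score_event(baseline, event)
        if reasons:
            findings.append((event[0], event[1], reasons))
    return findings


if __name__ == "__main__":
    for user, ts, reasons in detect(BASELINE_EVENTS, NEW_EVENTS):
        print(f"{ts} {user}: {', '.join(reasons)}")
```

The point of keeping the learned sets frozen while scoring is the same one a real UEBA deployment has to get right: if the first sign-in from a new country were folded into the baseline immediately, the second one would look normal, and a quiet attacker would be taught to the model. In practice the sets would be re-learned on a sliding window of confirmed-benign activity rather than on whatever the scorer just saw.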