A guide to using Microsoft Sentinel for monitoring the security of your containerized applications and orchestration platforms.
Part 1 of a three-part series about security monitoring of your Kubernetes clusters and CI/CD pipelines, by @singhabhi and @Umesh_Nagdev
Link to Part 2
Link to Part 3
Microsoft Sentinel is a cloud-native security information and event management (SIEM) platform that provides threat detection and response capabilities across your hybrid environment. Microsoft Sentinel can help you monitor and protect your containerized applications by collecting and analyzing data from sources such as Kubernetes clusters, image build environments, and container registries. In this document, you will learn how to use Microsoft Sentinel to monitor your containerized applications and respond to potential threats.
Before you start, you need to have the following:
We will discuss the log sources and their corresponding use cases in Part 2 of this blog series.
To enable Microsoft Sentinel to collect and analyze data from your containerized applications, you need to configure the following data connectors:
Refer to Part 2 of this blog series for additional information on the data connectors.
Refer to Part 3 of this blog series for security monitoring use cases, including workbooks, analytics rules, and search queries.
In this document, you learned how to use Microsoft Sentinel to monitor and protect your containerized applications by collecting and analyzing data from Kubernetes clusters, image build environments, and container registries. You also learned how to use workbooks and analytics to gain insights and detect threats against your containerized applications. For more information on Microsoft Sentinel, visit https://azure.microsoft.com/en-us/products/microsoft-sentinel/