Jan 19 2021 11:19 AM - edited Feb 12 2021 11:27 AM
Practical Azure Sentinel : A Day in the Life of a Sentinel Analyst
Friday - February 12th, 2021 - 1:00PM - 2:30PM CST
This session brings it all together and provides real-world examples of using Azure Sentinel features as a security analyst. Attendees can picture themselves in the role of analyst and get an understanding of the specific tasks required to accomplish their daily workload, all based on an industry-standard SOC workflow. It maps those specific tasks to specific Azure Sentinel features.
EVENT AGENDA:
1:00 PM – Opening / Welcome
1:10 PM - Featured Topic – Speaker
2:00 PM - Q&A
EVENT SPEAKER BIO:
Rod Trent is an Azure Sentinel global SME helping customers migrate from existing SIEMs to #AzureSentinel to achieve the promise of better security through improved efficiency without compromise.
Microsoft Teams Live Event
Feb 11 2021 11:01 AM
Feb 12 2021 12:02 PM
I am the sole Sentinel Analyst at my company. I have been having a hard time with false positives and haven't been using the product because of that. I have most of the analytic rules set up, but like I said, since I'm the only person using it and most are false positives, I don't feel like I'm using Sentinel to its fullest potential. Do you have any recommendations for solving this problem, and also what kind of training or help would you suggest for someone looking to get better at Sentinel? @Peter Gray
Feb 12 2021 12:08 PM - edited Feb 12 2021 12:25 PM
Are you able to give any insight on how to tackle unfamiliar sign-ins from AAD IP?
We are seeing 1000s of these events every day, to the point where we have had to disable them. It would be great to get your take on how we can tackle this event type and make them useful.
Another event I am interested to know how you might tackle is "New UserAgent discovered", for which we get 30+ entities a day, each time a guest logs in via AAD B2B or a user's browser gets updated. Please could you give some pointers on how we can add more context to this alert type?
Many Thanks.
Feb 12 2021 12:08 PM
Is there a recording? I would like to watch it again and pass it along to additional associates. @Peter Gray
Feb 12 2021 12:13 PM
@RadRob unfortunately recordings can't be made publicly available. We are looking into a solution that would allow Premier and Unified Support customers to be able to access them, but we are probably 2 months out on that.
Good news though, Rod wants to present again on more topics so keep an eye out for that!
Feb 12 2021 12:22 PM
@twessel Any chance you've identified the Analytics Rules that are contributing the most to your false positives? Are they coming from MCAS, possibly? What source?
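One way to answer that question from the workspace itself, as an added KQL example that is not part of the thread: rank incident titles (which for analytics-rule incidents are the rule names) and their provider by how many closed incidents were classified as false positives. It assumes the standard `SecurityIncident` table and its `Classification` values; the 30-day window is an arbitrary choice.

```kql
// Added example, not from the thread: which rules/providers generate the
// most incidents closed as false positives in the last 30 days.
// Assumes the standard SecurityIncident table, where Classification is one of
// "FalsePositive", "TruePositive", "BenignPositive" or "Undetermined".
SecurityIncident
| where TimeGenerated > ago(30d)
// Each incident is logged once per update; keep only its latest state
| summarize arg_max(TimeGenerated, *) by IncidentNumber
| where Status == "Closed"
| summarize
    Total = count(),
    FalsePositives = countif(Classification == "FalsePositive"),
    BenignPositives = countif(Classification == "BenignPositive")
    by Title, ProviderName
| extend FalsePositiveRate = round(100.0 * FalsePositives / Total, 1)
| order by FalsePositives desc
```

Grouping by `ProviderName` separates incidents that originate from Azure Sentinel's own analytics rules from those synced in from connected products such as MCAS, which is the distinction the follow-up in this thread turns on: the former are tuned in Sentinel, the latter at the source.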
Feb 12 2021 01:54 PM
Yes, most of our false positives come from MCAS. @rodtrent
Feb 12 2021 02:23 PM
@twessel Connecting MCAS to Sentinel enables a bridge between the two services so that only the originating service's (MCAS) alerts are synched to the Sentinel console. So, this would actually be a situation where MCAS policies need to be tuned on what and how often alerts are generated.