OPS103 Securing your Hybrid environment – Part 2 - Azure Sentinel

Microsoft

Anthony sits down with Sarah Young, Sr. Program Manager for all things Security related, to discuss the use of Azure Sentinel in a hybrid environment. The pair discuss how log data is ingested into Log Analytics, reviewed and reported on, and how attacks are remediated using data coming from both on-premises and cloud environments.

Resources:
IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks
IT Ops Talk Azure Sentinel Blog post: https://aka.ms/ops103-blog
IT Ops Talk Azure Sentinel Community Chat: https://aka.ms/ops103-chat
Learn More About Azure Sentinel: https://aka.ms/ops103-learnmore
Azure Sentinel Documentation: https://aka.ms/ops103-docs
Azure Sentinel Learn modules: https://aka.ms/ops103-learn
Azure Sentinel Ninja Training: https://aka.ms/ops103-ninja
Azure Sentinel Tech Community: https://aka.ms/ops103-techcom
Azure Sentinel GitHub Repo: https://aka.ms/ops103-github

To watch more sessions from the IT Ops Talks: All Things Hybrid event, check out our playlist: https://www.youtube.com/playlist?list...

Chapters:
0:00 Introduction
0:24 Does Azure Sentinel only protect cloud environments?
5:36 Data Connectors demo
7:04 Common Event Format (CEF) demo
8:44 Syslog walkthrough
9:21 Security Events walkthrough
13:50 Does sending on-prem data up to the SIEM introduce latency?
16:30 GitHub repo and outside submissions of security templates
22:00 Log Analytics workspaces demo
23:51 Sentinel Reporting demo
25:49 Analytics rule wizard demo
34:00 Analytics data source filtering demo
35:09 Sentinel Incidents and Investigations demo
39:37 Logic Apps and Automation demo
49:28 Sentinel and On-premises Active Directory protection
51:40 Wrap Up
