Anthony sits down with Sarah Young, Sr. Program Manager for all things security-related, to discuss the use of Azure Sentinel in a hybrid environment. The pair discuss how log data is ingested into Log Analytics, reviewed and reported on, and how attacks are remediated using data coming from both on-premises and cloud environments.
Chapters:
0:00 Introduction
0:24 Does Azure Sentinel only protect cloud environments?
5:36 Data Connectors demo
7:04 Common Event Format (CEF) demo
8:44 Syslog walkthrough
9:21 Security Events walkthrough
13:50 Does sending on-prem data up to the SIEM introduce latency?
16:30 GitHub repo and outside submissions of security templates
22:00 Log Analytics workspaces demo
23:51 Sentinel Reporting demo
25:49 Analytics rule wizard demo
34:00 Analytics data source filtering demo
35:09 Sentinel Incidents and Investigations demo
39:37 Logic Apps and Automation demo
49:28 Sentinel and on-premises Active Directory protection
51:40 Wrap Up