Time
8 hours 33 minutes
Difficulty
Intermediate
CEU/CPE
9

Video Transcription

00:00
Hello, Cybrarians. Welcome to this lesson on Azure Sentinel.
00:04
This lesson is part of the seventh module of the AZ-500 Microsoft Azure Security Technologies course. Quick information on what we'll be covering in this lesson.
00:15
We'll start with an overview of Azure Sentinel.
00:19
We'll then discuss the various components of Azure Sentinel, including workspace, data collection, analytics, workbooks, incidents and playbooks. Let's get right into this.
00:32
So Azure Sentinel is a scalable SIEM and SOAR solution hosted on the Azure platform.
00:39
But what do we mean by this? Let's review what a SIEM and SOAR is.
00:45
SIEM stands for security information and event management,
00:49
and they work by collecting log and event data generated from multiple sources,
00:55
collecting the data onto a centralized platform and performing automated analysis of that data to detect threats.
01:03
This is not a full description of what a SIEM is. It's a short review. Many SIEMs, including Azure Sentinel, have capabilities beyond this.
01:12
SOAR stands for security orchestration, automation and response,
01:18
and SOAR allows companies to collect threat-related data from a range of sources and automate responses to those threats.
01:26
So it makes perfect sense for both of these solutions to work together.
01:30
SIEM collects logs and events from data sources and detects threats.
01:36
SOAR acts on detected threats and automates responses to them.
01:40
Azure Sentinel, being a cloud-native SIEM and SOAR solution, performs as we would expect it to:
01:46
first, we collect log and event data from multiple sources, both in Azure and outside Azure,
01:53
and then we detect threats using different methods,
01:57
we can investigate the threats detected in Sentinel,
02:00
and finally we can automate response to incidents using something called playbooks.
02:07
To start using Azure Sentinel, we need to create a centralized place to store the data that we'll be collecting.
02:15
And that centralized place is a Log Analytics workspace. Yes, this is the same workspace that we've discussed in previous lessons.
02:23
Azure Sentinel is the front-end application, while the Log Analytics workspace is the back-end data store.
02:30
Once we have our workspace, we need to collect log and event data for analysis,
02:37
and we can collect data from Azure and other cloud services, including Office 365. We can even collect data from the AWS cloud platform.
02:46
We can collect data from Windows and Linux operating systems using an agent. We can collect data from different applications, including custom ones, using the API.
02:59
Some data can be collected in push mode, where the sources push the data to Sentinel,
03:05
and some can be collected in pull mode, where Sentinel reaches out to collect the data, usually on a schedule.
03:12
Some sources require the installation of an agent, for example operating systems, while others, especially those using the API, are agentless.
03:23
Some of the data collected are logs, while some are security events from other solutions like Security Center or even third-party solutions.
03:32
So you can see that there's quite a number of options when it comes to collecting data into Azure Sentinel.
03:40
Having data is not enough. We need insights from the data,
03:45
which is why, after we have data in Azure Sentinel, we want to be proactive about analyzing that data to detect threats,
03:53
and to enable us to do this, Azure Sentinel provides out-of-the-box, built-in templates that can be used for this.
04:01
These templates are called analytics rule templates. They're designed by the Microsoft security team and they're based on known threats and common attack vectors.
04:13
We can create analytics rules to analyze the data based on these built-in templates.
04:19
We can also create our own custom rules.
04:23
While analytics allows us to analyze the data to gain insight, workbooks allow us to visualize and monitor data by creating dashboards.
04:33
Similar to analytics, Sentinel has built-in workbook templates that we can use to quickly create standard workbooks.
04:42
We can also create our own custom workbooks from custom queries that we write in the Kusto Query Language.
04:49
When a threat is detected by Sentinel, an incident is raised.
04:54
An incident represents a detected threat and all the relevant evidence for investigating that threat.
05:01
Sentinel allows us to group multiple related alerts under an incident, and that helps us to reduce alert fatigue,
05:10
and for the response part of Sentinel, playbooks are used.
05:14
A security playbook is a collection of procedures that can be triggered in response to an incident.
05:21
Security playbooks in Azure Sentinel are based on Azure Logic Apps workflows, which means that we get all the power, the customization and the built-in templates of Logic Apps.
05:33
We also get the benefit of the large connector ecosystem of Logic Apps.
05:40
The good thing is that we don't need to build everything from scratch. There are multiple playbooks that we can start with in the GitHub repo that I have on the screen.
05:49
Here are some supplemental links for further study on the topics covered in this lesson,
05:56
and here is a summary of what we covered in this lesson. We started with an overview of Azure Sentinel.
06:00
We then discussed the different components of Azure Sentinel, including workspace, data collection, analytics, workbooks, incidents and playbooks.
06:12
Thanks very much for watching, and I'll see you in the next lesson.


Instructed By

David Okeyode
Cloud Security Architect
Instructor