Hello, Cybrarians. Welcome to this lesson on Azure Sentinel.
This lesson is part of the seventh module of the AZ-500: Microsoft Azure Security Technologies course. Here is some quick information on what we will be covering in this lesson.
We'll start with an overview of Azure Sentinel.
We'll then discuss the various components of Azure Sentinel, including the workspace, data collection, analytics, workbooks, incidents and playbooks. Let's get right into this.
So Azure Sentinel is a scalable SIEM and SOAR solution built on the Azure platform.
But what do we mean by this? Let's review what a SIEM and a SOAR are.
SIEM stands for Security Information and Event Management,
and SIEMs work by collecting log and event data generated from multiple sources,
collecting that data onto a centralized platform, and performing automated analysis of the data to detect threats.
This is not a full description of what a SIEM is; it's a short review. Many SIEMs, including Azure Sentinel, offer capabilities beyond this.
SOAR stands for Security Orchestration, Automation and Response,
and SOAR allows companies to collect threat-related data from a range of sources and automate responses to those threats.
So it makes perfect sense for both of these solutions to work together.
The SIEM collects logs and events from data sources and detects threats.
The SOAR acts on detected threats and automates responses to them.
Azure Sentinel, being a cloud-native SIEM and SOAR solution, works as we would expect:
first, we collect log and event data from multiple sources, both in Azure and outside Azure;
then threats are detected using different methods;
we can investigate the threats detected in Sentinel;
and finally we can automate the response to incidents using something called playbooks.
To start using Azure Sentinel, we need to create a centralized place to store the data that we will be collecting,
and that centralized place is a Log Analytics workspace. Yes, this is the same workspace that we've discussed in previous lessons.
Azure Sentinel is the front-end application, while the Log Analytics workspace is the back-end data store.
Once we have our workspace, we need to collect log and event data for analysis,
and we can collect data from Azure and other cloud services, including Office 365. We can also collect data from the AWS cloud platform.
We can collect data from Windows and Linux operating systems using an agent, and we can collect data from different applications, including custom ones, using the API.
Some data can be collected in push mode, where the sources push the data to Sentinel,
and some can be collected in pull mode, where Sentinel reaches out to collect the data, usually on a schedule.
Some sources require the installation of an agent, for example operating systems, while others, especially those using the API, are agentless.
Some of the data collected are logs, while some are security events from other solutions like Security Center or even third-party solutions.
So you can see that there is quite a variety of options when it comes to collecting data into Azure Sentinel.
Having data is not enough. We need insights from the data,
which is why, after we have data in Azure Sentinel, we want to be proactive about analyzing that data to detect threats,
and to enable us to do this, Azure Sentinel provides out-of-the-box, built-in templates that can be used for this.
These templates are called analytics rule templates. They're designed by the Microsoft security team and they're based on known threats and common attack vectors.
We can create analytics rules to analyze the data based on these built-in templates.
We can also create our own custom rules.
While analytics allows us to analyze the data to gain insight, workbooks allow us to visualize and monitor data by creating dashboards.
Similar to analytics, Sentinel has built-in workbook templates that we can use to quickly create standard workbooks.
We can also create our own custom workbooks from custom queries that we write in the Kusto Query Language.
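As an added example that is not part of the lesson, here is the kind of custom query a scheduled analytics rule could run in the workspace, written in Kusto Query Language. It assumes the Azure AD sign-in connector is enabled so that the SigninLogs table is populated; the thresholds are illustrative values I chose for the example.

```kusto
// Added example (not from the lesson or from Microsoft): custom analytics rule
// query that flags an IP address with many failed sign-ins across several
// accounts in the last hour, and shows whether any sign-in from that IP
// eventually succeeded. Assumes the SigninLogs table exists in the workspace.
let lookback = 1h;                // time window the scheduled rule looks back over
let failure_threshold = 20;       // illustrative: minimum failed attempts per IP
let account_threshold = 5;        // illustrative: minimum distinct accounts targeted
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"     // ResultType "0" is a successful sign-in
    | summarize
        FailedAttempts   = count(),
        DistinctAccounts = dcount(UserPrincipalName),
        Accounts         = make_set(UserPrincipalName, 10),
        FirstFailure     = min(TimeGenerated),
        LastFailure      = max(TimeGenerated)
      by IPAddress;
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize SucceededAccounts = make_set(UserPrincipalName, 10) by IPAddress;
failures
| where FailedAttempts >= failure_threshold and DistinctAccounts >= account_threshold
| join kind=leftouter successes on IPAddress   // keep IPs with no success at all
| extend FollowedBySuccess = isnotempty(SucceededAccounts)
| project IPAddress, FailedAttempts, DistinctAccounts, Accounts,
          FollowedBySuccess, SucceededAccounts, FirstFailure, LastFailure
| order by FailedAttempts desc
```

When this query is saved as a scheduled rule, the IPAddress and Accounts columns can be mapped to the IP and Account entities in the rule wizard so that the resulting incident carries them as evidence.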
When a threat is detected by Sentinel, an incident is raised.
An incident represents a detected threat and all the relevant evidence for investigating that threat.
Sentinel allows us to group multiple related alerts under an incident, and that helps us to reduce alert fatigue.
And for the response part of Sentinel, playbooks are used.
A security playbook is a collection of procedures that can be triggered in response to an incident.
Security playbooks in Azure Sentinel are based on Azure Logic Apps workflows, which means that we get all the power, the customization and the built-in templates of Logic Apps.
We also get the benefit of the large connector ecosystem of Logic Apps.
The good thing is that we don't need to build everything from scratch; there are multiple playbooks that we can start with in the GitHub repository that I have on the screen.
Here are some supplemental links for further study on the topics covered in this lesson,
and here is a summary of what we covered in this lesson. We started with an overview of Azure Sentinel.
We then discussed the different components of Azure Sentinel, including the workspace, data collection, analytics, workbooks, incidents and playbooks.
Thanks very much for watching, and I'll see you in the next lesson.