After opening Azure Sentinel from the Azure portal, you will be presented with the below items:

Theoretically, Azure Sentinel has four core areas.

Collect – Using data connectors for multiple vendors and operating systems, Azure Sentinel collects security events and data into the Log Analytics workspace and keeps them for 31 days by default.

Detect – Azure Sentinel ships with suggested queries; you can start from the samples or build your own. Another option is Azure Notebooks, which is more interactive and lets you apply your own data science analysis to the collected data.

Investigate – Triage alerts with the same detection methodology, in conjunction with investigating the underlying events. A case is then created for the incident.

Respond – Finally, responding can be manual or automated with the help of Azure Sentinel playbooks.

For a better understanding of what happens behind the scenes, the flow in this example is helpful.

If you already have an Azure Log Analytics Workspace, you are one click away from Azure Sentinel. Also, you can use graphs, dashboards, or workbooks for presentation.
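As an added example of the "Detect" area above (this is not from the original post, and it is not one of Microsoft's built-in rule templates), here is a custom scheduled analytics rule written in KQL. It assumes the Azure AD sign-in connector is enabled so that the SigninLogs table is populated, and it flags the classic brute-force pattern: many failed sign-ins for one account from one IP address inside a ten-minute window, followed by a successful sign-in from that same IP within the next 30 minutes. The threshold and time windows are assumptions you would tune for your tenant.

```kql
// Added example, not part of the original post.
// Assumes the SigninLogs table (Azure AD sign-in connector) exists in the workspace.
// Tunable assumptions: look-back window and failure threshold.
let lookback = 1h;
let failThreshold = 10;
// Failed sign-ins: in SigninLogs a ResultType of "0" means success, anything else is a failure.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
        by UserPrincipalName, IPAddress, bin(TimeGenerated, 10m)
    | where FailedCount >= failThreshold;
// Successful sign-ins in the same look-back window.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName;
// Correlate: a burst of failures followed by a success from the same IP for the same account.
failures
| join kind=inner successes on UserPrincipalName, IPAddress
| where SuccessTime between (LastFail .. (LastFail + 30m))
| project UserPrincipalName, IPAddress, FailedCount, FirstFail, LastFail, SuccessTime, AppDisplayName
```

When you save this as a scheduled rule, set the rule to run every hour with a one-hour look-back so the `ago(lookback)` filter matches the schedule, map `UserPrincipalName` to the Account entity and `IPAddress` to the IP entity so the investigation graph can pivot on them, and consider a higher threshold for service accounts that legitimately retry. Run the query on its own in Logs first to see how many rows it returns against real traffic before it starts creating cases.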