Connection between Sentinel, ASC, Defender and Log Analytics

Bachelor Hundreogtolv 1 Reputation point
2021-02-19T09:58:27.49+00:00

What is the difference and connection between Azure Security Center, Azure Defender, Log Analytics Workspace, and Azure Sentinel, and how can they all be connected? I'm currently writing an essay about Azure and need some help understanding.

Tags:
Microsoft Defender for Cloud: An Azure service that provides threat protection for workloads running in Azure, on-premises, and in other clouds. Previously known as Azure Security Center and Azure Defender.
Microsoft Sentinel: A scalable, cloud-native solution for security information event management and security orchestration automated response. Previously known as Azure Sentinel.

3 answers

  1. mx-oss 51 Reputation points
    2021-02-26T00:59:10.927+00:00

    Hi,

    Basically, they are four different products, but they can be interconnected in order to work together.

    Defender for Endpoint is a security console centralizing the events coming from the Defender agents.
    ASC is similar to Defender for Endpoint, but this console is focused on protecting the Azure resources.
    Log Analytics is a data lake where the resources can send their security events in order to centralize them. Then the logs can be queried using KQL.
    Sentinel is a cloud-based SIEM. Sentinel uses data connectors to ingest security events coming from multiple clouds and from on-premises resources.
    Sentinel leverages AI to generate incidents.

    1 person found this answer helpful.

  2. VipulSparsh-MSFT 16,011 Reputation points
    2021-02-19T13:31:44.68+00:00

    @Bachelor Hundreogtolv

    A good place to understand the relation and differences between Security center and Sentinel is : https://azure.microsoft.com/en-in/blog/securing-the-hybrid-cloud-with-azure-security-center-and-azure-sentinel/

    This 3rd party article also summarizes the differences : https://medium.com/the-cloud-builders-guild/what-is-the-difference-between-azure-security-center-and-azure-sentinel-9d91eb801cd2

    Azure Security Center mainly focuses on your cloud security posture under two pillars:

    Cloud security posture management (CSPM) - Security Center is available for free to all Azure users. The free experience includes CSPM features such as secure score, detection of security misconfigurations in your Azure machines, asset inventory, and more. Use these CSPM features to strengthen your hybrid cloud posture and track compliance with the built-in policies.

    Cloud workload protection (CWP) - Security Center's integrated cloud workload protection platform (CWPP), Azure Defender, brings advanced, intelligent, protection of your Azure and hybrid resources and workloads. Enabling Azure Defender brings a range of additional security features as described on this page.

    Azure Defender is required to concentrate on cloud workload protection within Azure Security Center.

    Log Analytics Workspace: ASC and Sentinel need data to analyze, mitigate, and investigate. The data is collected using the Log Analytics agents, is stored in a Log Analytics workspace, and is later used by Security Center and Sentinel to show or take actions on different entities.
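The two answers above describe the chain in words: the Log Analytics agent sends data to a workspace, Defender for Cloud (the former Security Center/Azure Defender) raises alerts on it, and Sentinel ingests those alerts through its data connector and turns them into incidents. The following KQL query, added here as an example and not taken from either answer, makes that chain visible by joining the alerts Defender for Cloud wrote into the workspace's SecurityAlert table with the incidents Sentinel created in its SecurityIncident table. It assumes Sentinel is enabled on the workspace and the Microsoft Defender for Cloud data connector is switched on; the ProductName filter value is the one Defender for Cloud alerts carry in that table.

```kql
// Added example (not code from this page's answers): follow a Defender for Cloud
// alert from the Log Analytics workspace into the Microsoft Sentinel incident
// that was built from it. Assumes Sentinel is enabled on this workspace and the
// Defender for Cloud data connector is on, so alerts land in SecurityAlert and
// Sentinel's analytics rules write to SecurityIncident.
let lookback = 7d;
// 1. Alerts that Defender for Cloud exported into the workspace.
let defenderAlerts =
    SecurityAlert
    | where TimeGenerated > ago(lookback)
    | where ProductName == "Azure Security Center"   // value carried by Defender for Cloud alerts
    | project SystemAlertId, AlertName, AlertSeverity, CompromisedEntity, AlertTime = TimeGenerated;
// 2. Latest state of each Sentinel incident (the table keeps one row per update,
//    so keep only the most recently modified row per incident number).
let incidents =
    SecurityIncident
    | where TimeGenerated > ago(lookback)
    | summarize arg_max(LastModifiedTime, *) by IncidentNumber
    | mv-expand AlertId = AlertIds to typeof(string)   // one row per alert attached to the incident
    | project IncidentNumber, Title, Status, Severity, AlertId;
// 3. Join on the alert id to see which Defender alerts became which incidents.
incidents
| join kind=inner defenderAlerts on $left.AlertId == $right.SystemAlertId
| project IncidentNumber, Title, Status, Severity, AlertName, AlertSeverity, CompromisedEntity, AlertTime
| order by AlertTime desc
```

Run it in the Logs blade of the workspace or in Sentinel's Logs page; an empty result with alerts present in SecurityAlert usually means the connector is on but no analytics rule (for example the built-in "Create incidents based on Microsoft Defender for Cloud alerts" rule) is promoting those alerts to incidents.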

  3. yuriehong 1 Reputation point
    2022-02-21T12:42:12.477+00:00

    Hello! Who can write my essays? One of my classmates and I are studying at the same university. In order to make his life so much easier and happier, I advised him to use this writing agency's website with examples of correct essays that can be used to write his own masterpiece. Maybe you will need this help in the near future!!
