Episode
Post-Ignite 2022 Ep04: Configure your Microsoft Sentinel environment
with Benjamin Kovacevic, Matthew Lowe
Traditional security information and event management (SIEM) systems typically take a long time to set up and configure. They're also not necessarily designed with cloud workloads in mind. Microsoft Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. This module helps you get started. Then you will learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
Learning objectives
- Identify the various components and functionality of Microsoft Sentinel.
- Identify use cases where Microsoft Sentinel would be a good solution.
- Describe Microsoft Sentinel workspace architecture.
- Install a Microsoft Sentinel workspace.
- Manage a Microsoft Sentinel workspace.
Chapters
- 00:00 - Introduction
- 01:58 - Learning objectives
- 02:29 - What is security information and event management?
- 04:00 - What is Microsoft Sentinel?
- 05:58 - How Microsoft Sentinel works
- 06:29 - Data connectors
- 09:11 - Querying and log retention
- 13:23 - Analytics rules
- 17:13 - Incidents and investigations
- 21:16 - Automation rules and playbooks
- 24:32 - User entity behavior analytics
- 27:13 - Threat hunting and notebooks
- 31:21 - Threat intelligence and watchlists
- 41:24 - When to use Microsoft Sentinel
- 43:22 - Knowledge check
- 49:01 - Create and manage Microsoft Sentinel workspaces
- 49:24 - Learning objectives
- 49:48 - Plan for the Microsoft Sentinel workspace
- 51:14 - Single-tenant single workspace
- 55:46 - Multi-tenant workspace
- 59:38 - Understand Microsoft Sentinel permissions and roles
- 01:08:18 - Demo - Create a Microsoft Sentinel workspace
- 01:15:18 - Manage Microsoft Sentinel settings
- 01:18:09 - Configure logs
- 01:29:26 - Summary and conclusions
Recommended resources
Related episodes
- Full series: Learn Live: Post-Ignite 2022
Connect
- Benjamin Kovacevic | LinkedIn: /in/benjaminkovacevic
- Matthew Lowe | LinkedIn: /in/matthew-lowe-13b61990