Episode
FastTrack for Azure Season 2 Ep15: Microsoft Sentinel Fundamentals
with Andre Murrell, Simona Kovatcheva, Rudnei Oliveira
A guide to logically executing a Microsoft Sentinel deployment, highlighting some of its key components through demonstration.
Learning objectives
- Explain Microsoft Sentinel cost and pricing
- Discuss architectural considerations for Microsoft Sentinel
- Demonstrate how to collect alerts from Microsoft security products into Microsoft Sentinel for a single-pane-of-glass view
- Unify security tools so they talk to each other, including third-party data connectors and solutions from Content Hub
- Create visualizations of data using Workbooks
- Demonstrate and walk through Microsoft Sentinel features via the Collect, Detect, Investigate, and Respond process, leveraging User and Entity Behavior Analytics (UEBA)
Chapters
- 00:11 - Welcome and Introduction
- 01:41 - Learning Materials and Links
- 02:17 - Learning Objectives
- 03:52 - Sentinel Phase 1: Collect
- 04:34 - Sentinel Architecture Design Considerations
- 07:48 - Sentinel Cost and Pricing
- 11:27 - Log Analytics Walkthrough - Estimated Cost and Retention
- 15:09 - Sentinel GitHub and All-in-One Deployment Tool
- 18:16 - Key Checkpoints in Sentinel Set-up
- 22:36 - Sentinel Roles and Permissions
- 25:07 - Content Hub Discussion
- 29:11 - Data Connectors and Data Ingestion
- 39:55 - Sentinel Phase 2: Detect
- 41:55 - User and Entity Behavior Analytics and Analytic Rules
- 47:02 - Out-of-the-box Native and Third-Party Data Source Analytic Rules
- 51:39 - MITRE ATT&CK Panel - Using it to Choose Analytic Rules
- 01:03:04 - Sentinel Phase 3: Incident and Alert Investigation
- 01:10:07 - Incident Enrichment
- 01:11:41 - Incident Actions and Tasks
- 01:14:20 - Entity Investigation
- 01:19:34 - Sentinel Phase 4: Respond
- 01:20:08 - Watchlists
- 01:21:07 - Playbooks
- 01:25:15 - Automation Rules
- 01:28:11 - Questions and Conclusion
Recommended resources
Related episodes
- Full series: Learn Live: FastTrack for Azure Season 2
Connect
- Andre Murrell | LinkedIn: /in/andre-murrell
- Simona Kovatcheva | LinkedIn: /in/simona-kovatcheva
- Rudnei Oliveira | LinkedIn: /in/rudnei-oliveira-69443523