Azure Sentinel Use Cases...“Azure Sentinel works seamlessly with Office 365 and other Azure...
Azure Sentinel Use Cases

Overview
• In this module you will learn where Azure Sentinel can be used.

Prerequisites
• Azure Sentinel Overview module.
Sentinel use cases and value proposition
• Log management
• Detection
• Single pane of glass
• Alert handling
• Investigation & hunting
• Incident management
• Response

Traditional SIEM: real time correlation, ingest time parsing
Search based SIEM: scheduled queries, query time parsing
Cloud SIEM

Use
• The cloud security team

Requirements
• Side by side deployment with current SIEM

No brainer advantages
• Auto-scales
• Easy collection from cloud sources
• Avoid sending cloud telemetry downstream
• Key log sources are free

But there is more!
• DevOps deployment and enforcement
• Distributed
• Cloud native schema
“Azure Sentinel works seamlessly with Office 365 and other Azure services and security tools. Compared to other SIEMs I have used, it’s much easier to connect our data sources to Azure Sentinel. There are built-in connectors not just for Microsoft but also for other major security vendors.”
Jay Vaidya, Senior Security Analyst, Brewin Dolphin
APIs
• Graph Security API
• Management
• Data ingest
• Data query

Deployment
• ARM
• DevOps integration
• Azure policy

Serverless
• Logic Apps
• Azure functions
• Lambda functions….

Diagram labels: Upstream (Events), Downstream (Alerts)
Next Gen SIEM

Use
• SIEM replacement

Requirements
• On-prem collection

Advantages
• Effortless infinite scale
• Ease of integration
• Effective and integrated SOAR
• Microsoft research and ML
• SIEM and data lake in one

▪ $1B
Collection architecture (diagram)
• (Optional) collector proxy
• OS events, DNS, Windows FW, DHCP: collected by agent
• CEF or Syslog connector; Syslog (TLS, TCP, UDP)
• Branch office: CEF/Syslog connector
• WEF connector: WEC over HTTPS
• Logstash
• Custom connectors
Cloud Collector

Requirements
• Stream events to on-prem SIEM.

Advantages
• Easy collection from cloud sources.

*No* opportunity
• Cost prohibitive.
Pricing
Annual ingress (GB): GB/day x 365
Price per GB: $2.53 + $0.1 (additional months)
Total annual cost: Annual ingress x Price per GB