Azure Sentinel Use Cases

Overview
• In this module you will learn where Azure Sentinel can be used.

Pre-requisites
• Azure Sentinel Overview module.
Sentinel use cases and value proposition

SIEM workflow stages covered: Log management, Detection, Single pane of glass, Alert handling, Investigation & hunting, Incident management, Response

Traditional SIEM: real time correlation, ingest time parsing
Search based SIEM: scheduled queries, query time parsing
Cloud SIEM

No brainer advantages
• Auto-scales
• Easy collection from cloud sources
• Avoid sending cloud telemetry downstream
• Key log sources are free

But there is more!
• DevOps deployment and enforcement
• Distributed
• Cloud-native schema

Use
• The cloud security team

Requirements
• Side by side deployment with current SIEM
“Azure Sentinel works seamlessly with Office 365 and other Azure services and security tools. Compared to other SIEMs I have used, it’s much easier to connect our data sources to Azure Sentinel. There are built-in connectors not just for Microsoft but also for other major security vendors.”

Jay Vaidya, Senior Security Analyst, Brewin Dolphin
Next Gen SIEM

APIs
• Graph Security API
• Management
• Data ingest
• Data query

Deployment
• ARM
• DevOps integration
• Azure policy

Serverless
• Logic Apps
• Azure functions
• Lambda functions….

(Figure: Sentinel integration diagram; labels: Upstream, Downstream, Events, Alerts)

Advantages
• Effortless infinite scale
• Ease of integration
• Effective and integrated SOAR
• Microsoft research and ML
• SIEM and data lake in one

Use
• SIEM replacement

Requirements
• On-prem collection

▪ $1B
On-prem collection architecture (figure)
• (Optional) collector / proxy
• OS events, DNS, Windows FW, DHCP: agent
• CEF or Syslog connector: Syslog (TLS, TCP, UDP)
• Branch office: CEF/Syslog connector
• WEF connector: HTTPS, WEC
• Logstash
• Custom connectors
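As an added example (not the deck's own code), a minimal custom connector in Python for the "Data ingest" path that custom connectors use, assumed here to be the (legacy) Log Analytics HTTP Data Collector API; the workspace id, shared key and firewall record are constructed placeholders, and the receiver-side signature_matches check shows what the shared-key signature actually protects (both the date header and the exact body length are bound into it).

```python
"""Custom connector skeleton for the (legacy) Log Analytics HTTP Data Collector API.
Added example, not the deck's own code. Workspace id, shared key and the log record are
constructed placeholders; the assumed API shape is POST /api/logs authenticated with an
HMAC-SHA256 'SharedKey' Authorization header."""
import base64
import hashlib
import hmac
import json
from datetime import datetime, timezone

API_RESOURCE = "/api/logs"
API_VERSION = "2016-04-01"

def build_signature(workspace_id, shared_key_b64, rfc1123_date, content_length,
                    method="POST", content_type="application/json"):
    """Return 'SharedKey <workspace id>:<base64 HMAC>' over the service's canonical string.
    Any drift in the canonical string (e.g. a wrong content length) yields HTTP 403."""
    to_sign = (f"{method}\n{content_length}\n{content_type}\n"
               f"x-ms-date:{rfc1123_date}\n{API_RESOURCE}")
    key = base64.b64decode(shared_key_b64)
    digest = hmac.new(key, to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"

def build_request(workspace_id, shared_key_b64, log_type, records, when=None):
    """Assemble URL, headers and JSON body for one batch of custom-log records."""
    when = when or datetime.now(timezone.utc)
    rfc1123_date = when.strftime("%a, %d %b %Y %H:%M:%S GMT")
    body = json.dumps(records).encode("utf-8")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key_b64, rfc1123_date, len(body)),
        "Log-Type": log_type,  # lands in the workspace as the <log_type>_CL table
        "x-ms-date": rfc1123_date,
        "time-generated-field": "TimeGenerated",  # record field used as event time
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{API_RESOURCE}?api-version={API_VERSION}"
    return url, headers, body  # send with requests.post(url, data=body, headers=headers)

def signature_matches(workspace_id, shared_key_b64, headers, body):
    """Receiver-side check: recompute the HMAC over what arrived and compare in constant time."""
    expected = build_signature(workspace_id, shared_key_b64, headers["x-ms-date"], len(body))
    return hmac.compare_digest(expected, headers["Authorization"])

# Constructed placeholders, not real credentials or data.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-demo-key-not-a-real-workspace-key").decode()
SAMPLE_RECORDS = [{"TimeGenerated": "2020-01-01T00:00:00Z", "Computer": "branch-fw-01",
                   "Action": "deny", "SrcIp": "10.0.0.5", "DstPort": 3389}]
```

The shared key grants write access to the whole workspace, so a connector running in a branch office should hold it in a secret store rather than in config files, and the x-ms-date header lets the service reject stale replays.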
Cloud Collector

Advantages
• Easy collection from cloud sources.

Opportunity: *No*
• Cost prohibitive.

Requirements
• Stream events to on-prem SIEM.
Pricing
• Annual ingress: GB/day x 365
• Price per GB: $2.53 + $0.1 x additional months
• Total annual cost: Annual ingress x Price per GB