Skip to main content

Overview of Azure Sentinal

On 26th Sept, Microsoft announced 'Azure Sentinal' cloud-born SIEM in GA. Here below some of the key facts, you must be aware of, related to security.

Azure Sentinal is a cloud-based SIEM build with AI & ML which analyzes the TBs of data in minutes and prompt you about any security-related inconsistency followed by defining actions. No matter your applications, users, servers, and devices are on the hybrid, on-prem and any cloud other than Azure, all can be integrated using built-in connectors. It enables you to bring your own insights, tailored detection, machine learning models, and threat intelligence.


You can configure alerts, playbook, logic app flows as your actions on detected threats.

Use cases

  • In case, you have clients who have more interaction with government officials through their applications may have a threat of stealing data from malicious users.
  • Accounts may be brute-forced for such tenants to gain privileged access.
Using SIEM as a service is more optimal than running on an on-prem infrastructure, including the high cost of software tools. Microsoft provides this as a 'pay as you go' service along with a requirement specific plan as 'capacity reservation tiers' (automatically scale resources and pay for what you chose, nearly 60% off and capacity can be updated month wise).

Key Aspects

  • Can lower up event alerts by fusion technique like Yellow + Yellow as Red severity.
  • Can work with O365, Active directory using Azure activity connectors at no extra cost.

Preview Results

Accenture was a part of the Microsoft preview client base and shared some of the use cases with Azure Sentinel. One of the clients integrated with AWS connector and they received an alert as 'MFA disabled for root account', they reacted pro-actively and determined the malicious user and activity.

Accenture's client SAP has their own data center, Accenture integrated log analytics on Hana, and got an insight as someone changed the Windows SAP file, they drill-down the defaulter in minutes.

Many others like 'RapidDeploy', 'Insight' were also part of this preview access. I hope you find this helpful, refer Azure Sentinal for more details.

Comments

Popular posts from this blog

SPA on Azure

Single-page applications (SPAs) or Static websites are applications/websites which don't need any Client-Server model to serve requests from the pages or simply, are just HTML pages hosted on file servers. In the current world, we have a lot of hosting providers or cloud capabilities by many big players but what will be best that suits your budget and needs. For example: we have an 'index.html' page, but to host it, Do we really need to spend around $10-15 per month for the cheapest server? Let's directly jump on to a solution that is much efficient, reliable, and highly available worldwide. I am talking about Azure Static Websites which consists of the following components: * Azure storage, * Azure CDN - Premium Microsoft CDN, * Domain Let say, you purchase a server from any hosting provider or deploy your website on any cloud that will end up at a higher cost even in case of no visitors. But don't you worry about that, with Azure static websites,

It's all about Apache Kafka

You might have heard about Apache Kafka, let's dig into it & explore why you should be aware of this and what it brings to the table.  Let's start with 'ABC' of it, "you can take a sip of coffee" and roll it. In a typical application, we have a source system & target system and data to be transferred among them. So we need to do some integrations b/w them, all well!         but we may have one source and multiple targets then the problem arises, for image 2, we have to maintain 2*4 integrations. And  you have to care about  the protocols, data schema, data format, etc    for individual integrations, integrating as many targets come along with a load on source. There should be a distributed messaging system needed to solve this and there comes Apache Kafka, and all source & target are decoupled. Apache Kafka is developed by LinkedIn and later they donated it to Apache Software Foundation, it's written in Scala &am