This post has been republished via RSS; it originally appeared at: ITOps Talk Blog articles.
Anthony sits down with Sarah Young, Senior Program Manager for all things security related, to discuss the use of Azure Sentinel in a hybrid environment. The pair discuss how log data is ingested into Log Analytics, reviewed and reported on, and how attacks are remediated using data coming from both on-premises and cloud environments.
Speaker:
Sarah Young, Senior Program Manager, Azure Security
This session includes:
0:00 Introduction
0:24 Does Azure Sentinel only protect cloud environments?
5:36 Data Connectors demo
7:04 Common Event Format (CEF) demo
8:44 Syslog walkthrough
9:21 Security Events walkthrough
13:50 Does sending on-prem data up to the SIEM introduce latency?
16:30 GitHub repo and outside submissions of security templates
22:00 Log Analytics workspaces demo
23:51 Sentinel Reporting demo
25:49 Analytics rule wizard demo
34:00 Analytics data source filtering demo
35:09 Sentinel Incidents and Investigations demo
39:37 Logic Apps and Automation demo
49:28 Sentinel and On-premises Active Directory protection
51:40 Wrap Up
Community chat
Want to chat about this session? Come join us on Discord! https://aka.ms/ops103-chat
Learn More
Learn More About Azure Security Center: https://aka.ms/ops103-learnmore
Azure Sentinel Documentation: https://aka.ms/ops103-docs
Azure Sentinel Learn modules: https://aka.ms/ops103-learn
Azure Sentinel Ninja Training: https://aka.ms/ops103-ninja
Azure Sentinel Tech Community: https://aka.ms/ops103-techcom
Azure Sentinel GitHub Repo: https://aka.ms/ops103-github
What did you think? Please take a moment to submit your feedback at https://aka.ms/ops103-feedback
To watch more sessions from the IT Ops Talks: All Things Hybrid event check out https://aka.ms/ITOpsTalks