Jay Gordon for Microsoft Azure

AzureFunBytes Reminder - Building SOC Efficiency with @Azure Sentinel with @rodtrent - 1/6/2022

AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It's a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV and learn more about Azure.

When: January 6, 2022 11 AM Pacific / 2 PM Eastern
Where: Microsoft LearnTV


It's been a few weeks, but AzureFunBytes is back with a new episode all about mitigating risk in the cloud by using tools provided by Azure. If you're currently deploying workloads in the cloud, how those workloads detect and handle potential intrusions and attacks is crucial. By preventing these security incidents you build trust with the people who access your applications and IT solutions.

Microsoft documentation defines the role of security operations teams (also known as a Security Operations Center (SOC), or SecOps) as detecting, prioritizing, and triaging potential attacks. The central SecOps team monitors and analyzes security-related telemetry data. Any communication, investigation, or hunting actions must be coordinated with the application team.

This week we'll investigate the use cases for implementing Microsoft Sentinel, the first cloud-native Security Information and Event Management (SIEM) service. Microsoft Sentinel includes a number of ready-to-use connectors for Microsoft solutions that provide real-time integration, such as Microsoft 365 Defender (formerly Microsoft Threat Protection) and Microsoft 365 sources such as Office 365, Azure AD, Microsoft Defender for Identity (formerly Azure ATP), and Microsoft Defender for Cloud Apps, among others. There are also built-in connectors for non-Microsoft security solutions across the broader security ecosystem. You can also link your own data sources to Microsoft Sentinel using Common Event Format (CEF), Syslog, or a REST API.
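As an added illustration of the CEF-over-Syslog ingestion path mentioned above (example code written for this post, not Sentinel's own connector code), here is a small builder and parser for CEF lines; the vendor, product and event values are constructed and the syslog prefix on the sample line is what a collector would typically see in front of the CEF payload.

```python
"""Build and parse Common Event Format (CEF) lines, the format the Microsoft
Sentinel CEF connector ingests over Syslog. Added example, not from the post;
the vendor, product and event values below are constructed."""
import re

HEADER_FIELDS = ("vendor", "product", "version", "signature_id", "name", "severity")

# Constructed sample as a syslog collector receives it (priority, timestamp, host, then CEF).
SAMPLE_LINE = ("<134>Jan  6 11:00:00 gw01 CEF:0|Contoso|WebGW|1.0|100|Login\\|Denied|7|"
               "src=10.0.0.5 suser=alice msg=bad password a\\=b")

def _esc_header(value: str) -> str:
    # In the header fields only backslash and pipe are escaped.
    return value.replace("\\", "\\\\").replace("|", "\\|")

def _esc_ext(value: str) -> str:
    # In extension values backslash and '=' are escaped; CR/LF become \r and \n.
    return (value.replace("\\", "\\\\").replace("=", "\\=")
                 .replace("\r", "\\r").replace("\n", "\\n"))

def build_cef(header: dict, extension: dict) -> str:
    head = "|".join(_esc_header(str(header[f])) for f in HEADER_FIELDS)
    ext = " ".join(f"{k}={_esc_ext(str(v))}" for k, v in extension.items())
    return f"CEF:0|{head}|{ext}"

def _split_header(cef: str):
    # Walk the line honouring backslash escapes; the 7th pipe ends the header.
    tokens, cur, i = [], [], 0
    while i < len(cef) and len(tokens) < 7:
        ch = cef[i]
        if ch == "\\" and i + 1 < len(cef):
            cur.append(cef[i + 1]); i += 2; continue
        if ch == "|":
            tokens.append("".join(cur)); cur = []
        else:
            cur.append(ch)
        i += 1
    return tokens, cef[i:]

def _unescape_ext(value: str) -> str:
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "r": "\r"}.get(m.group(1), m.group(1)), value)

def parse_cef(line: str) -> dict:
    """Parse a (possibly syslog-prefixed) CEF line into header and extension dicts."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF payload in line")
    tokens, ext = _split_header(line[start:])
    if len(tokens) != 7:
        raise ValueError("malformed CEF header")
    header = dict(zip(HEADER_FIELDS, tokens[1:]))
    header["cef_version"] = tokens[0].split(":", 1)[1]
    # Keys are word characters; a value runs until the next ' key=' or end of line.
    pairs = re.findall(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)", ext)
    return {"header": header, "extension": {k: _unescape_ext(v) for k, v in pairs}}
```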

Microsoft Sentinel exists today, in part, because of the gaps in existing tools that were identified as Microsoft began its own journey to the cloud. One of those gaps is around efficiency and scale. In this session, we’ll talk about how Microsoft Sentinel was intentionally and mindfully developed to allow security teams to do more things more quickly without a drain on resources.

With Sentinel we can:

  • Collect data at cloud scale
  • Detect threats
  • Investigate threats
  • Respond to incidents

To help me with my journey into deploying Microsoft Sentinel, I'll be joined this week by Microsoft Senior Cloud Security Advocate Rod Trent to see how we can build SOC efficiency with Microsoft Sentinel. Rod will help me better understand how Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise.

Our agenda includes:

  • Azure Sentinel is the Tofu tool for monitoring security for the entire environment.
  • Azure Sentinel is the sluice box of the Microsoft security platform.
  • Azure Sentinel is the Cyclorama for the connected entities.

About Rod Trent:

Rod Trent is a Senior Cloud Security Advocate for Microsoft and an Azure Sentinel global SME helping customers migrate from existing SIEMs to #AzureSentinel to achieve the promise of better security through improved efficiency without compromise. He is a husband, dad, and first-time grandfather (so speak slow and loud). He spends his spare time (if such a thing does truly exist) simultaneously watching Six Million Dollar Man TV show episodes and writing KQL queries.

Rod and I will discuss Microsoft Sentinel use cases, implementation, and best practices. So join us on Thursday, January 6th at 11 AM PT / 2 PM ET on LearnTV with your questions!

Learn about Azure fundamentals with me!

The live stream is normally found on Twitch, YouTube, and LearnTV at 11 AM PT / 2 PM ET on Thursdays. You can also find the recordings here:

AzureFunBytes on Twitch
AzureFunBytes on YouTube
Azure DevOps YouTube Channel
Follow AzureFunBytes on Twitter

Useful Docs:
Get $200 in free Azure Credit
Microsoft Learn: Introduction to Azure fundamentals
Security Operations in Azure
Microsoft Sentinel Overview
What is Microsoft Sentinel?
Microsoft Learn: Introduction to Microsoft Sentinel
Microsoft Learn: SC-200: Configure your Microsoft Sentinel environment
Pre-deployment activities and prerequisites for deploying Microsoft Sentinel
Quickstart: On-board Microsoft Sentinel
Best practices for Microsoft Sentinel
Tutorial: Use playbooks with automation rules in Microsoft Sentinel
Tutorial: Create a Power BI report from Microsoft Sentinel data
Forrester: The Total Economic Impact™ Of Microsoft Azure Sentinel
Weekly Azure Sentinel newsletter
Azure Sentinel community on LinkedIn
Azure Sentinel product blog
Rod Trent's blog
