Salmankhan
Sentinel Overview

Azure Sentinel Overview

Azure Sentinel is a security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution: an advanced, centralized platform for security monitoring and response. You monitor data from Microsoft 365, other cloud providers (AWS, GCP, IBM), Azure resources, Microsoft Defender, and on-premises resources such as F5 or Cisco devices, gather reports on that data, and analyze it. Azure Sentinel helps you with this; its ability to detect, investigate and respond is the advantage here.

![](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tgcxfyutm71j1s3rwbk0.jpeg)

It takes Azure Security Center to the next level with additional capabilities, such as investigation and response.

Azure Sentinel Configuration

*How does it work?*
Everything is underpinned by a Log Analytics workspace. We know what Log Analytics workspaces do: they ingest data, store it, and provide a query language and visualization capabilities on top of it.
Azure Sentinel is built on top of this Log Analytics workspace.
When you create Azure Sentinel, you are simply enabling a Log Analytics workspace for Azure Sentinel.
Data connectors, created by various providers for a variety of data types, are then used to retrieve data into the workspace.
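To make the "workspace first, Sentinel on top" relationship concrete, here is an added Bicep example (not code from the original post or from Microsoft) that creates a Log Analytics workspace and then enables Sentinel on it as an extension resource. The workspace name, location, SKU and retention are assumed values; data connectors are configured separately and are not part of this template.

```bicep
// Added example: create a Log Analytics workspace and enable Sentinel on it.
// Names, location and retention below are assumed values for illustration.
targetScope = 'resourceGroup'

@description('Workspace name (assumed value; replace for your environment)')
param workspaceName string = 'law-sentinel-demo'

@description('Region for the workspace (assumed: same as the resource group)')
param location string = resourceGroup().location

@description('Days to keep ingested data; the workspace, not Sentinel, owns storage')
@minValue(30)
@maxValue(730)
param retentionInDays int = 90

// 1. The Log Analytics workspace: ingestion, storage and queries all live here.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: {
      name: 'PerGB2018' // pay-per-GB ingestion
    }
    retentionInDays: retentionInDays
    publicNetworkAccessForIngestion: 'Enabled'
    publicNetworkAccessForQuery: 'Enabled'
  }
}

// 2. "Creating Sentinel" is just onboarding the workspace. The onboarding state
//    is an extension resource scoped to the workspace and must be named 'default'.
resource sentinel 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  name: 'default'
  scope: workspace
  properties: {
    customerManagedKey: false // Microsoft-managed keys for workspace encryption
  }
}

// Useful when wiring up data connectors or agents afterwards.
output workspaceResourceId string = workspace.id
output workspaceCustomerId string = workspace.properties.customerId
```

Deploy it with `az deployment group create -g <resource-group> -f sentinel.bicep`. Because the onboarding state is a separate resource, deleting it leaves the workspace and its data in place, which is exactly the layering the section describes.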

![](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9b13otd6kvuohu1q5r8m.jpeg)

Sentinel's power lies in what you do with that data: analytics, workbooks, hunting, automation, and so on.

Azure Sentinel alerts and incidents

*How does this work?*
The Log Analytics workspace is the base where all the data lands; that data is analyzed, and alerts are created from it.
You analyze the data for things like failed login attempts to the Azure portal, failed RDP attempts to your VMs, or storage account key mishaps across the storage accounts in your environment; to detect these, we analyze our data.
To create alerts, Microsoft provides several pre-built rule templates that you can use to identify security issues.
When rules become active they perform the analysis and generate alerts.
When an alert is generated we get an incident, which we can go and manage within the Azure Sentinel portal.

![](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4w6ytvbh1gu3cgo9nmyq.png)

So we have got incident management within Azure Sentinel.
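The section's "failed login attempts to the Azure portal" example, carried through as an added Bicep template (not code from the original post or from Microsoft's rule templates): a scheduled analytics rule whose KQL counts failed portal sign-ins per account, maps the results to Account and IP entities, and groups the resulting alerts into one incident per account. The workspace name, the 10-failures-per-hour threshold, the schedule and the severity are assumed values.

```bicep
// Added example: a scheduled analytics rule that turns repeated failed Azure
// portal sign-ins into alerts and incidents. Threshold and schedule are assumed.
param workspaceName string = 'law-sentinel-demo' // assumed, Sentinel-enabled workspace

// The rule is an extension resource on an existing workspace.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' existing = {
  name: workspaceName
}

// Detection logic. SigninLogs.ResultType is "0" on success; any other value is a
// failure code. One row per account with 10 or more failures in the lookback window.
var detectionQuery = '''
SigninLogs
| where AppDisplayName == "Azure Portal"
| where ResultType != "0"
| summarize
    FailedCount = count(),
    FailureCodes = make_set(ResultType, 10),
    SourceIPs = make_set(IPAddress, 10),
    FirstFailure = min(TimeGenerated),
    LastFailure = max(TimeGenerated)
  by UserPrincipalName
| where FailedCount >= 10
| extend IPAddress = tostring(SourceIPs[0])
'''

resource failedPortalSignins 'Microsoft.SecurityInsights/alertRules@2023-02-01' = {
  // Rule names must be unique in the workspace; a deterministic GUID makes redeploys idempotent.
  name: guid(workspace.id, 'failed-azure-portal-signins')
  scope: workspace
  kind: 'Scheduled'
  properties: {
    displayName: 'Repeated failed Azure portal sign-ins'
    description: 'One account failed to sign in to the Azure portal 10 or more times within an hour (assumed threshold).'
    severity: 'Medium'
    enabled: true
    query: detectionQuery
    queryFrequency: 'PT1H' // run every hour
    queryPeriod: 'PT1H'    // over the last hour of SigninLogs
    triggerOperator: 'GreaterThan'
    triggerThreshold: 0    // any returned row raises an alert
    suppressionEnabled: false
    suppressionDuration: 'PT1H'
    tactics: [
      'CredentialAccess'
    ]
    // Entity mappings let the incident show the affected account and source IP.
    entityMappings: [
      {
        entityType: 'Account'
        fieldMappings: [
          {
            identifier: 'FullName'
            columnName: 'UserPrincipalName'
          }
        ]
      }
      {
        entityType: 'IP'
        fieldMappings: [
          {
            identifier: 'Address'
            columnName: 'IPAddress'
          }
        ]
      }
    ]
    eventGroupingSettings: {
      aggregationKind: 'SingleAlert' // one alert per rule run, not one per row
    }
    // Alerts become incidents; alerts for the same account within 5 hours share one incident.
    incidentConfiguration: {
      createIncident: true
      groupingConfiguration: {
        enabled: true
        reopenClosedIncident: false
        lookbackDuration: 'PT5H'
        matchingMethod: 'Selected'
        groupByEntities: [
          'Account'
        ]
      }
    }
  }
}
```

Deploy with `az deployment group create -g <resource-group> -f rule.bicep`. Sentinel's built-in templates follow the same structure; what changes from template to template is the KQL, the entity mappings and the grouping settings, so this is the shape to read when reviewing what a template will actually raise an incident on.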
