Microsoft Sentinel Deep-Dive with Henrik Wojcik
Summary
In this episode, Henrik Wojcik, a Microsoft MVP, joins the hosts to discuss Microsoft Sentinel and provide a deep dive into its deployment and usage. They cover topics such as data residency and compliance considerations, separating operational logs and security logs, connectors for data ingestion, analytics rules and alert fatigue, scheduled queries and user and entity behavior analytics (UEBA), playbooks and automation, workbooks and data visualization, and advanced hunting with KQL queries.
Takeaways
- Consider data residency and compliance requirements when deploying Microsoft Sentinel.
- Separate operational logs and security logs to optimize cost and focus on relevant data.
- Use connectors to ingest data from various sources into Microsoft Sentinel.
- Tune analytics rules to avoid alert fatigue and focus on valuable alerts.
- Utilize scheduled queries and UEBA to identify suspicious behavior and automate investigations.
- Leverage playbooks and automation to streamline incident response and reduce manual effort.
- Create workbooks for data visualization and customize them to display relevant information.
- Explore advanced hunting with KQL queries to proactively search for threats and investigate incidents.
-------------------------------------------
YouTube Video Link: https://youtu.be/n9dDfmX-A9Q
-------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference
https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector
Henrik Wojcik:
https://www.linkedin.com/in/henrikfrandswojcik/
https://twitter.com/henrikwojcik
----------------------
Contact Us:
Threads: https://www.threads.net/@bluesecuritypodcast
-------------------------------------------
Andy Jaw
-------------------------------------------
Adam Brewer
Email: adam@bluesecuritypod.com
213 episodes