Salmankhan

Sentinel Overview

Azure Sentinel Overview

Azure Sentinel is a security information and event management (SIEM) and security orchestration, automation and response (SOAR) solution: a centralized, cloud-native security monitoring and response platform. It can monitor data from Microsoft 365, other cloud providers (AWS, GCP, IBM), Azure resources, Microsoft Defender, and on-premises resources such as F5 or Cisco devices, then gather, report on and analyze that data. The ability to detect, investigate and respond from a single place is what gives Azure Sentinel its advantage.

![](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/tgcxfyutm71j1s3rwbk0.jpeg)

It takes Azure Security Center to the next level by adding capabilities such as investigation and response.

Azure Sentinel Configuration

*How does it work?*
It is all underpinned by a Log Analytics workspace. We already know what a Log Analytics workspace does: it ingests data, stores it, and provides a query language and visualization capability on top of it.
Azure Sentinel is built on top of this Log Analytics workspace.
When you create Azure Sentinel, you are simply enabling an existing Log Analytics workspace for Azure Sentinel.
Data is then retrieved through data connectors, which are provided by various vendors for a wide variety of data types.

![](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/9b13otd6kvuohu1q5r8m.jpeg)

Sentinel's real power lies in what you do with that data once it is in the workspace: analytics, workbooks, hunting, automation and so on.

Azure Sentinel alerts and incidents

*How does this work?*
The Log Analytics workspace is the base where all the data lands; that data is analyzed, and alerts are created from it.
You analyze the data by looking for things such as failed login attempts to the Azure portal, failed RDP attempts against your VMs, or storage account key mishaps across multiple storage accounts in your environment. Detecting these means running analysis over the ingested data.
To create alerts, Microsoft provides several pre-built rule templates that you can use to identify security issues.
When a rule is enabled it runs its analysis on a schedule and generates alerts.
When an alert is generated, an incident is created, and those incidents are managed within the Azure Sentinel portal.
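As an added example (not code from the original post), here is what the query behind such a scheduled analytics rule looks like in KQL, covering two of the cases mentioned above: repeated failed sign-ins to the Azure portal from the `SigninLogs` table, and repeated failed RDP logons from Windows Security events in the `SecurityEvent` table. The one-hour window and the threshold of 10 failures are assumptions chosen for illustration; each query would normally be saved as its own scheduled rule.

```kql
// Part 1: failed Azure portal sign-ins per user.
// In SigninLogs, ResultType "0" is a successful sign-in; any other
// value is an Azure AD error code for a failure.
SigninLogs
| where TimeGenerated > ago(1h)                 // assumed lookback window
| where AppDisplayName == "Azure Portal"
| where ResultType != "0"
| summarize FailedCount   = count(),
            SourceIPs     = make_set(IPAddress),
            FirstFailure  = min(TimeGenerated),
            LastFailure   = max(TimeGenerated)
          by UserPrincipalName
| where FailedCount >= 10                       // assumed threshold
| extend AccountCustomEntity = UserPrincipalName // maps the user onto the incident's Account entity

// Part 2: failed RDP logons per VM and target account.
// EventID 4625 is "An account failed to log on"; LogonType 10 is
// RemoteInteractive, i.e. RDP / Terminal Services.
SecurityEvent
| where TimeGenerated > ago(1h)                 // assumed lookback window
| where EventID == 4625 and LogonType == 10
| summarize FailedCount  = count(),
            SourceIPs    = make_set(IpAddress),
            FirstFailure = min(TimeGenerated),
            LastFailure  = max(TimeGenerated)
          by Computer, TargetUserName
| where FailedCount >= 10                       // assumed threshold
| extend HostCustomEntity    = Computer,
         AccountCustomEntity = TargetUserName
```

Both queries assume the corresponding data connector (Azure Active Directory for `SigninLogs`, Security Events via the agent for `SecurityEvent`) is already sending data to the workspace.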

![](https://dev-to-uploads.s3.amazonaws.com/uploads/articles/4w6ytvbh1gu3cgo9nmyq.png)

So we have got incident management within Azure Sentinel.