The Complete Introduction to Azure Sentinel [SIEM]
What you'll learn
- You will set up Azure Sentinel to monitor your cloud environment and servers
- Set up alerting with Azure Sentinel and integrate Sentinel with third-party apps like Slack
- How to automate threat response using Azure Sentinel Playbooks
- Create beautiful dashboards using Azure Sentinel Workbooks
- Why we use Sentinel and SIEM tools
- Azure Sentinel Pricing and Customer Implementation
- Data Connectors in Sentinel
- How Sentinel uses machine learning and Fusion
- Make use of notebooks with Sentinel
- Set up custom rules in Sentinel
- Set up role-based access in Azure
Requirements
- Access to an Azure portal
- A desire to learn and Crush It!
- A working Computer with either Windows/MacOS or Linux
- An Internet connection
- Some basic knowledge of Unix/Linux commands can be helpful, but is not required
Description
Azure Sentinel is a powerful yet easy-to-use cloud-native SIEM tool. It is used to automate all kinds of security analysis today. Sentinel can investigate all sorts of threats while providing you with useful dashboards that give a bird's-eye view!
Leave behind the days of manually filtering events and step into the new age of SIEM, SEM and SOAR. When combined with the best ML algorithms, Azure Sentinel will enable you to respond to security threats at higher velocity while remaining cost effective. We will learn about the four key components of Sentinel:
1) Collect: Collect data across all sources, whether you have a multi-cloud or hybrid environment; all data sources are welcome. Even your on-premises infrastructure can supply the data.
2) Detect: Detect threats using analytics and scheduled queries well in advance.
3) Investigate: Investigate potential threats using Kusto Query Language and machine learning.
4) Respond: Respond to alerts and incidents with automated playbooks, and organize your team with automated Slack/email notifications.
We will understand why Azure Sentinel is the perfect SIEM platform. We will learn about its features & capabilities.
As you grow to become a force in the security/dev team, you will adopt, in addition to Sentinel, supporting technologies that complement cloud-native tools, such as Grafana (for great dashboards), Slack (for alerting) and Python (for Jupyter Notebooks). All in this course! We will also make use of custom rules, workbooks and bookmarks for investigations during the course. All of these topics will be covered, so you know what they are used for.
Everything is well documented and separated, so you can find what you need. Assignments and Quizzes will make sure you stay on track and test your knowledge. The course will have a combination of theory and practical examples.
Who this course is for:
- Developers/Tech Leads looking to monitor their cloud environments for better security
- DevOps engineers trying to set up smart alerting for troubleshooting security threats
- Developers trying to detect, investigate and respond to security threats in the most automated way possible
- Any team trying to collaborate for dealing with security threats to their tech stack
Instructor
Graduated from the University of Pennsylvania with a degree in Computer Science. He has been working in the industry for a few years now. He likes to teach as a hobby, has a passion for teaching and enjoys doing this on the side. He tries to be concise and to the point, while making sure students follow all the best practices.