Azure Sentinel is a cloud-native SIEM that is powerful yet easy to use. It collects security data at scale, runs analytics over it, and gives you dashboards for a bird's-eye view of your environment while letting you drill into individual threats.
Leave behind the days of manually filtering events and step into the new age of SIEM and SOAR. With its built-in machine learning, Azure Sentinel lets you respond to security threats faster while keeping costs under control. We will learn about the four key components of Sentinel:
1) Collect: Collect data across all sources, whether you run a multi-cloud or hybrid environment; any data source is welcome, and even your on-premises infrastructure can supply data.
2) Detect: Detect threats using built-in analytics and scheduled queries that run on an interval you choose.
3) Investigate: Investigate potential threats using Kusto Query Language (KQL) and machine learning.
4) Respond: Respond to alerts and incidents with automated playbooks, and keep your team in the loop with automated Slack and email notifications.
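To make the "Detect" and "Investigate" components above concrete, here is an added example of the kind of KQL query you would save as a scheduled analytics rule; it is not taken from the course materials. It assumes the Azure AD sign-in connector is enabled, so the SigninLogs table (with its TimeGenerated, ResultType, UserPrincipalName, IPAddress and AppDisplayName columns) is present in the workspace, and the threshold of 10 failures is an arbitrary value chosen for illustration.

```kql
// Scheduled rule: flag accounts with many failed sign-ins from one IP.
// Assumes the SigninLogs table from the Azure AD connector.
// Suggested schedule: run every 1 hour, look back 1 hour (matches ago(1h)).
let lookback = 1h;               // keep in sync with the rule's query period
let failure_threshold = 10;      // illustrative threshold, tune per tenant
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != 0          // 0 means success; anything else is a failure
| summarize
    FailedAttempts = count(),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated),
    TargetedApps = make_set(AppDisplayName)
  by UserPrincipalName, IPAddress
| where FailedAttempts >= failure_threshold
| order by FailedAttempts desc
// Entity mapping for the rule: UserPrincipalName -> Account, IPAddress -> IP,
// so the resulting incident shows the entities on the investigation graph.
```

When the rule fires, the same query with the threshold removed and a wider lookback is a good starting point for the investigation phase: it shows whether the source IP has been probing other accounts, which is the difference between a forgotten password and a password-spray attempt.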
We will look at why Azure Sentinel is a strong SIEM platform and learn about its features and capabilities.
As you grow into a force in the Security/Dev team, you will adopt, alongside Sentinel, supporting technologies that complement cloud-native tools, such as Grafana (for dashboards), Slack (for alerting) and Python (for Jupyter Notebooks). All of these are covered in this course. We will also use custom analytics rules, workbooks and bookmarks for investigations, and each of these topics is explained so you know what it is used for.
Everything is well documented and clearly separated, so you can find what you need. Assignments and quizzes will keep you on track and test your knowledge. The course combines theory with practical examples.