Azure Sentinel use cases... “Azure Sentinel works seamlessly with Office 365 and other Azure...

Post on 22-May-2020


Azure Sentinel Use Cases

Overview

• In this module you will learn where Azure Sentinel can be used.

Pre-requisites

• Azure Sentinel Overview module.

Sentinel use cases and value proposition

• Log management

• Detection

• Single pane of glass

• Alert handling

• Investigation & hunting

• Incident management

• Response

Traditional SIEM

• Real time correlation

• Ingest time parsing

Search based SIEM

• Scheduled queries

• Query time parsing
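As an added illustration of the search-based model the slide contrasts with a traditional SIEM (this is example code, not material from the deck): raw CEF-over-syslog lines are stored untouched at ingest, and a scheduled query parses them at query time to count failed logins per source. The sample events, vendor name and addresses are constructed.

```python
import re
from collections import Counter

# Constructed sample events, shaped like what a CEF-over-syslog connector would
# forward; vendor, product and addresses are illustrative, not from the deck.
RAW_EVENTS = [
    "<134>May 22 10:00:01 fw01 CEF:0|ExampleCo|FW|1.0|100|Login failed|5|src=10.1.1.5 suser=alice msg=bad password",
    "<134>May 22 10:00:03 fw01 CEF:0|ExampleCo|FW|1.0|100|Login failed|5|src=10.1.1.5 suser=alice msg=bad password",
    "<134>May 22 10:00:09 fw01 CEF:0|ExampleCo|FW|1.0|100|Login failed|5|src=10.1.1.5 suser=bob msg=bad password",
    "<134>May 22 10:00:12 fw01 CEF:0|ExampleCo|FW|1.0|100|Login failed|5|src=10.1.1.9 suser=carol msg=bad password",
    "<134>May 22 10:00:15 fw01 CEF:0|ExampleCo|FW|1.0|101|Login succeeded|1|src=10.1.1.9 suser=carol",
    "<134>May 22 10:00:20 fw01 not a CEF line at all",
]

# CEF header: CEF:Version|Vendor|Product|DeviceVersion|SignatureID|Name|Severity|Extension
CEF_HEADER = re.compile(
    r"CEF:(?P<version>\d+)\|(?P<vendor>[^|]*)\|(?P<product>[^|]*)\|(?P<dev_version>[^|]*)"
    r"\|(?P<sig_id>[^|]*)\|(?P<name>[^|]*)\|(?P<severity>[^|]*)\|(?P<ext>.*)$"
)
# The extension is key=value pairs; values may contain spaces, so a value runs
# until the next " key=" token (escaped pipes/equals signs are not handled here).
EXT_KV = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def ingest(store, line):
    """Ingest-time step of the search-based model: keep the raw line, parse nothing."""
    store.append(line)


def parse_cef(line):
    """Query-time parsing: split the CEF header and extension fields on demand."""
    m = CEF_HEADER.search(line)
    if not m:
        return None  # non-CEF noise is skipped at query time, not rejected at ingest
    event = m.groupdict()
    event.update(dict(EXT_KV.findall(event.pop("ext"))))
    return event


def failed_login_query(store, threshold=3):
    """A scheduled query: parse every stored line and flag sources with >= threshold failures."""
    counts = Counter()
    for line in store:
        event = parse_cef(line)
        if event and event["name"] == "Login failed":
            counts[event.get("src", "unknown")] += 1
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    store = []
    for line in RAW_EVENTS:
        ingest(store, line)
    print(failed_login_query(store))  # {'10.1.1.5': 3}
```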

Cloud SIEM

No brainer Advantages

• Auto-scales

• Easy collection from cloud sources

• Avoid sending cloud telemetry downstream

• Key log sources are free

But there is more!

• DevOps deployment and enforcement

• Distributed

• Cloud-native schema

Use

• The cloud security team

Requirements

• Side by side deployment with current SIEM

“Azure Sentinel works seamlessly with Office 365 and other Azure services and security tools. Compared to other SIEMs I have used, it’s much easier to connect our data sources to Azure Sentinel. There are built-in connectors not just for Microsoft but also for other major security vendors.”

Jay Vaidya, Senior Security Analyst, Brewin Dolphin

APIs

• Graph Security API

• Management

• Data ingest

• Data query

Deployment

• ARM

• DevOps integration

• Azure policy

Serverless

• Logic Apps

• Azure functions

• Lambda functions….

Upstream / Downstream: Events, Alerts

Next Gen SIEM

▪ $1B

Advantages

• Effortless infinite scale

• Ease of integration

• Effective and integrated SOAR

• Microsoft research and ML

• SIEM and data lake in one

Use

• SIEM replacement

Requirements

• On-prem collection

On-prem collection (diagram labels)

• (Optional) Collector Proxy

• OS events, DNS, Windows FW, DHCP via agent

• CEF or Syslog connector: Syslog (TLS, TCP, UDP)

• Branch Office: CEF/Syslog connector

• WEF Connector: WEC over HTTPS

• Logstash

• Custom Connectors

Cloud Collector

Advantages

• Easy collection from cloud sources.

Opportunity: *No*

• Cost prohibitive.

Requirements

• Stream events to on-prem SIEM.

Pricing

Annual ingress: GB/d x 365

Price per GB: $2.53 + $0.1 (additional months)

Total annual cost: Annual ingress x Price per GB
