It is quite important to safeguard your enterprise data. In this Azure article, we will discuss what Azure Sentinel is, in the form of a complete Azure Sentinel tutorial.
Table of Contents
- What is Azure Sentinel
- Azure Sentinel Architecture
- What is Azure Sentinel used for
- Benefits of Azure Sentinel
- How does Azure Sentinel work?
- How to configure Azure Sentinel
- Final Words
What is Azure Sentinel
Microsoft Azure Sentinel is an excellent cloud-native security information and event management (SIEM) solution with built-in AI that can scan your whole enterprise data in less time and make sure your critical data is safe. It provides an intelligent security and threat detection platform with automated response functionality.
Azure Sentinel Architecture
What is Azure Sentinel used for
- Collects data across all devices, users, and applications, from both cloud and on-premises environments.
- Detects possible threats and investigates them, along with other suspicious activities, with the help of the built-in AI.
- Helps you respond to incidents immediately.
Benefits of Azure Sentinel
Below are a few key benefits of Microsoft Sentinel:
Quick Aggregation of your Data with built-in AI
Quickly collects security data from all users, devices, on-premises environments, and multiple cloud environments, with the help of the built-in AI feature.
Smart Threat Detection
It uses smart threat detection algorithms that can help your organization to identify the affected areas quickly.
Quick Security Alert
Even though a huge amount of data is involved, Azure Sentinel can send quick alerts to the respective IT security teams whenever suspicious activity is detected, so that the team can take the necessary actions to fix the issue as soon as possible.
Built-in automation and orchestration support
It supports built-in automation and orchestration, which helps you automate and speed up the response process for these issues.
It also provides simple and easy-to-use dashboards that give a clear visualization of all the data collected from different sources.
How does Azure Sentinel work?
Basically, Azure Sentinel works in the stages mentioned below.
Collection of Data from different sources
It collects all security data from different devices, users, applications, and environments, including on-premises and cloud, with the help of data connectors and the available out-of-the-box solutions.
It is well integrated with different Microsoft solutions like O365, Microsoft Defender, Microsoft 365 Defender, etc.
In the detection stage, it scans the collected data and identifies possible threats, using Azure analytics and threat intelligence. Analytics plays a very important role here: it correlates alerts into incidents, and it also lets you create different threat detection rules.
Process of Investigation
Helps you hunt for and investigate the root cause of any threats or possible suspicious activities with the power of artificial intelligence.
Create Security Alerts and Respond to incidents
Notifies the respective security team with the threat details and suspicious activities. Responds quickly to incidents, and speeds up and automates the process with the help of the built-in automation and orchestration feature.
How to configure Azure Sentinel
Note that if you are looking for an Azure Sentinel login, you access the service by logging in to the Azure Portal. Follow the simple steps below to set up Microsoft Sentinel.
1. Log in to the Azure portal.
2. Search for Microsoft Sentinel and click on the search result Microsoft Sentinel.
3. Click on the + Create button or the Create Microsoft Sentinel button.
4. Now you need to create a workspace. To create it, click on the + Create a new workspace button.
5. On the Create Log Analytics workspace window, click on the Basics tab and provide the details below:
- Subscription: Select the Azure subscription that you want to use here.
- Resource Group: Select an existing resource group, or click the Create new link to create a new resource group.
- Name: Provide a unique name for the instance.
- Region: Select the region.
Keep the other options as they are on the other tabs.
Click on the Review + Create button.
6. It will validate all the details you provided and then show you the “validation passed” message. The Create button will now be enabled. Click on the Create button to create the Log Analytics workspace.
7. Click on the Connect button under the Collect data section to add a connector.
8. You can find the list of available connectors; choose one based on your requirements.
9. Select the data connector based on your requirement to proceed further.
For example, let me search for and select the Azure Active Directory connector here. It streams the events and the different types of logs found in Azure Active Directory to Azure Sentinel.
10. Click on the Open connector page button.
11. Below are the prerequisites needed to connect to your Azure Active Directory.
12. Now it is time to choose the type of logs you wish to capture. Select the log types you want under the Configuration section, then click on the Apply Changes button to save the changes.
Now Azure Sentinel will capture the Audit Logs and the Sign-in Logs from your Azure AD.
Then, to monitor the data, you can connect to the Workbooks using the instructions below.
13. Click on the Next steps tab present next to the Instructions tab.
14. Choose a workbook from the Recommended Workbooks section, or click on the Go to Workbooks gallery link and choose a workbook from there.
15. I am choosing the Azure AD Audit logs workbook here. You can click on the View Template button to view the template and then click on the Save button.
16. On the next pop-up, choose the location to save this workbook –> Click on the Ok button.
You can repeat steps 14 to 16 for all the workbooks that you have selected.
Now, to see the events and logs using the workbooks, follow the instructions below.
- On the Microsoft Sentinel page, click on the Workbooks from the left navigation –> Click on the View saved workbook button.
- Click on each workbook to see the logs and other activities.
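With the Azure AD sign-in logs now flowing into the workspace, here is an added example (not from the original article) of the kind of KQL threat detection rule query that the detection stage described earlier runs on a schedule. It assumes the SigninLogs table created by the Azure Active Directory connector; the 10-failure threshold and 1-hour window are assumed values to tune for your tenant.

```kusto
// Added example, not from the original article: flag accounts with a burst of
// failed sign-ins followed by a successful sign-in in the same window, a
// common sign of a password-spray or brute-force attempt that succeeded.
// Assumptions: SigninLogs from the Azure AD connector; threshold and window
// are placeholders to tune per tenant.
let lookback = 1h;
let failThreshold = 10;
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"            // ResultType "0" is a successful sign-in
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                SourceIPs = make_set(IPAddress, 10)
      by UserPrincipalName
    | where FailedCount >= failThreshold;
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, SuccessTime = TimeGenerated, SuccessIP = IPAddress;
failures
| join kind=inner successes on UserPrincipalName
| where SuccessTime > LastFailure        // only a success that comes after the failures
| project UserPrincipalName, FailedCount, FirstFailure, LastFailure,
          SuccessTime, SuccessIP, SourceIPs
```

Saved as a scheduled analytics rule with UserPrincipalName and SuccessIP mapped to the Account and IP entities, each result becomes an alert that Sentinel groups into an incident on the Incidents page described below.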
How to see the incidents reported
To see the incidents reported in Azure Sentinel, follow the quick step below:
- Navigate to the Microsoft Sentinel page –> Click on the Incidents link from the left navigation.
Is Azure Sentinel free?
It is free only for the first 31 days, as a free trial. After that, you pay based on your usage and other parameters.
Well, in this article, we have discussed a complete tutorial on Azure Sentinel. Hope you now have some idea of what Azure Sentinel is. Thanks for reading this article!