Azure Sentinel Tutorial

Safeguarding your enterprise data is quite important. This article is a complete Azure Sentinel tutorial: what the service is, how it works, and how to set it up.

What is Azure Sentinel

Microsoft Azure Sentinel (renamed Microsoft Sentinel in 2021, which is why both names appear in this article and in the portal) is a cloud-native security information and event management (SIEM) solution with built-in AI. It can analyse your whole enterprise's security data quickly and help keep your critical data safe, providing an intelligent threat detection platform with automated response (SOAR) functionality.

Azure Sentinel Architecture

(Figure: Azure Sentinel architecture diagram)

What is Azure sentinel used for

  • Collects data across devices, users and applications, from both cloud and on-premises environments.
  • Detects possible threats and investigates them, together with any suspicious activities, with the help of the built-in AI.
  • Helps you respond to incidents immediately.

Benefits of Azure Sentinel

Below are a few key benefits of Microsoft Sentinel

Quick Aggregation of your Data with built-in AI

Quickly collects the security data from all the users, devices, on-premises environments, and multiple cloud environments with the built-in AI feature.

Smart Threat Detection

It uses smart threat detection algorithms to help your organization identify the affected areas quickly.

Quick Security Alert

Even with a huge amount of data, Azure Sentinel can send quick alerts to the respective IT security teams when suspicious activity is detected, so that the team can take the necessary actions to fix the issues as soon as possible.

Built-in automation and orchestration support

It supports the built-in automation and orchestration feature, which helps you automate and speed up the response process for these issues.

Simple Dashboards

It provides you with simple and easy-to-use dashboards that clearly visualize the entire data collected from different sources.

How does Azure sentinel work

Azure sentinel works in different stages, as mentioned below

Collection of Data from different sources

It collects all security data from different devices, users, applications, and environments, including on-premises and cloud, with the help of different connectors and available out-of-the-box solutions.

It is well integrated with different Microsoft solutions like O365, Microsoft Defender, Microsoft 365 Defender, etc.

Threat Detection

It scans the collected data and identifies possible threats using analytics rules and threat intelligence. Analytics rules play an important role in correlating alerts into incidents, and you can also create your own threat detection rules.

Process of Investigation

It helps you to hunt and investigate the root cause of any threats or possible suspicious activities with the power of artificial intelligence.

Create Security Alerts and Respond to incidents

It notifies the respective security team with the threat details and suspicious activities, and it responds quickly to incidents, speeding up and automating the response process with the built-in automation and orchestration feature.

How to setup Azure Sentinel

Note that there is no separate Azure Sentinel login: you access the service by logging in to the Azure portal. Follow the simple steps below to set up Microsoft Sentinel.

1. Log in to the Azure portal.

2. Search for Microsoft Sentinel and click on the search result Microsoft Sentinel.

3. Click on the + Create button or Create Microsoft Sentinel button.

4. Now, you need to create a workspace, and to create it, click on the + Create a new workspace button.

5. On the Create Log Analytics workspace window, click on the Basics tab and provide the below details

  • Subscription: Select the Azure subscription that you want to use here.
  • Resource Group: Select an existing resource group, or if you want, click the Create new link to create a new Resource Group.
  • Name: Provide a unique name for the Log Analytics workspace.
  • Region: Select the region.

Keep the default options on the other tabs.

Click on the Review + Create button.

6. It will validate all the details you provided and then show you the “validation passed” message. Now, the create button will be enabled. Click on the Create button to create the Log Analytics workspace.
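The portal steps above can also be scripted, which is useful when you need to rebuild the workspace or stand one up per environment. The following is an added example written for this tutorial, not code from the original article or from Microsoft. It uses the Az PowerShell modules (Az.Accounts, Az.Resources, Az.OperationalInsights, Az.SecurityInsights); the resource group name, workspace name and region are placeholder values to replace, and New-AzSentinelOnboardingState is assumed to be the Az.SecurityInsights 2.x cmdlet that enables Sentinel on a workspace (check Get-Help for your installed version).

```powershell
# Added example (not from the original article): creates the Log Analytics
# workspace from steps 5 and 6 and enables Microsoft Sentinel on it.
$ResourceGroup = 'rg-sentinel-demo'     # assumed name, change to yours
$WorkspaceName = 'law-sentinel-demo'    # must be unique; assumed name
$Location      = 'eastus'               # assumed region

# Install the required modules once (-Scope CurrentUser needs no admin rights).
foreach ($m in 'Az.Accounts', 'Az.Resources', 'Az.OperationalInsights', 'Az.SecurityInsights') {
    if (-not (Get-Module -ListAvailable -Name $m)) {
        Install-Module -Name $m -Scope CurrentUser -Force
    }
}

# Step 1 equivalent: interactive sign-in with the same account you use for the portal.
Connect-AzAccount | Out-Null

# Step 5 equivalent: the "Basics" tab values (subscription comes from the login context).
if (-not (Get-AzResourceGroup -Name $ResourceGroup -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $ResourceGroup -Location $Location | Out-Null
}

# Sentinel-enabled workspaces get 90 days of retention at no extra charge, so
# setting 90 here costs nothing and keeps more history for investigations.
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup `
        -Name $WorkspaceName -Location $Location -Sku 'PerGB2018' -RetentionInDays 90

# Step 6 equivalent: turn the plain workspace into a Microsoft Sentinel workspace.
New-AzSentinelOnboardingState -ResourceGroupName $ResourceGroup `
        -WorkspaceName $WorkspaceName -Name 'default' | Out-Null

# The CustomerId (workspace GUID) is what later queries and agents reference.
"Workspace {0} ({1}) is now Sentinel-enabled" -f $ws.Name, $ws.CustomerId
```

The retention value is the one setting worth changing from the defaults the article tells you to keep: the workspace default is 30 days, and the Sentinel-specific free allowance is 90 days, which matters when an incident is discovered weeks after the first sign-in anomaly.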

7. Click the Connect button under the Collect data section to add the connector.

8. You will see the list of available connectors; choose the one that matches your requirement.

9. Select the data connector based on your requirement to proceed further.

For example, let me search for and select the Azure Active Directory connector here. It streams the events and the different types of logs found in Azure Active Directory to Azure Sentinel.

10. Click on the Open connector page button.

11. The connector page lists the prerequisites needed to connect to your Azure Active Directory.

12. Now is the time to choose the type of logs you wish to capture. Select the type of logs you want to capture under the Configuration section. You then click on the Apply Changes button to save the changes.

Now Azure Sentinel will capture the Audit and Sign-in logs from your Azure AD.

Then to monitor the data, you can connect to the Workbooks using the below instructions.

13. Click on the Next Steps tab next to the Instructions tab.

14. Choose a workbook from the Recommended Workbooks section, or click on the Go to Workbooks gallery link and choose a workbook from there.

15. I am choosing the Azure AD Audit logs workbook. You can click the View Template button to view the template and then click the Save button.

16. On the next pop-up, choose the location to save this workbook –> Click the OK button.

You can repeat steps 14 to 16 for all the workbooks that you have selected.

To see the events and logs using the workbooks, you can follow the instructions below.

  • On the Microsoft Sentinel page, click Workbooks in the left navigation –> Click on the View saved workbooks button.
  • Click on each workbook to see the logs and other activities.
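The workbook gives you charts, but the same SigninLogs and AuditLogs tables the Azure AD connector fills can be queried directly, which is how you turn "look at the dashboard" into a repeatable daily check. The following is an added example written for this tutorial, not code from the original article or from Microsoft. It assumes the Azure AD connector from step 12 is sending both Sign-in and Audit logs, that the Az.OperationalInsights module is installed and you are signed in, and the same placeholder resource group and workspace names as the setup above.

```powershell
# Added example (not from the original article): runs two KQL queries against
# the Azure AD logs that the connector streams into the workspace.
$ResourceGroup = 'rg-sentinel-demo'     # assumed name
$WorkspaceName = 'law-sentinel-demo'    # assumed name

# Log Analytics queries are addressed by the workspace's GUID, not its display name.
$ws = Get-AzOperationalInsightsWorkspace -ResourceGroupName $ResourceGroup -Name $WorkspaceName

# SigninLogs: ResultType "0" means success, any other value is a failed sign-in.
# Grouping failures by source IP shows one address hitting many accounts.
$failedSignins = @'
SigninLogs
| where TimeGenerated > ago(1d)
| where ResultType != "0"
| summarize Failures = count(), DistinctUsers = dcount(UserPrincipalName),
            SampleError = any(ResultDescription) by IPAddress
| where Failures >= 10
| order by Failures desc
'@

# AuditLogs: directory role changes are rare and high-impact, so review all of them.
$roleChanges = @'
AuditLogs
| where TimeGenerated > ago(1d)
| where OperationName has "role"
| project TimeGenerated, OperationName, Result,
          Actor  = tostring(InitiatedBy.user.userPrincipalName),
          Target = tostring(TargetResources[0].userPrincipalName)
| order by TimeGenerated desc
'@

$queries = [ordered]@{
    'Failed sign-ins by source IP (last 24h)' = $failedSignins
    'Directory role changes (last 24h)'       = $roleChanges
}

foreach ($q in $queries.GetEnumerator()) {
    Write-Host "`n== $($q.Key) =="
    $result = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId `
                  -Query $q.Value -Timespan (New-TimeSpan -Days 1)
    # .Results is a collection of rows; pipe it to Export-Csv to keep a daily record.
    $result.Results | Format-Table -AutoSize
}
```

The threshold of 10 failures per IP is a starting point, not a rule: tune it against a week of your own data before turning either query into a scheduled analytics rule, otherwise shared egress addresses (VPNs, office NAT) will dominate the output.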

FAQs

How to see the incidents reported

To see the incidents reported in the Azure Sentinel, follow the quick step below.

  • Navigate to the Microsoft Sentinel page –> Click on the Incidents link from the left navigation.
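The Incidents blade shows the same queue you can pull with the Az.SecurityInsights module, which is handy for a morning triage summary or a report. The following is an added example written for this tutorial, not code from the original article or from Microsoft. It assumes the module is installed and you are signed in, reuses the placeholder resource group and workspace names from the setup above, and assumes the incident object exposes Status, Severity, Title, Number and CreatedTimeUtc properties (the names used by Az.SecurityInsights 2.x as understood here; confirm with Get-Member on one incident).

```powershell
# Added example (not from the original article): summarises the Sentinel
# incident queue and flags untriaged incidents older than a chosen SLA.
$ResourceGroup   = 'rg-sentinel-demo'   # assumed name
$WorkspaceName   = 'law-sentinel-demo'  # assumed name
$StaleAfterHours = 24                   # triage SLA used for the "overdue" list

$incidents = Get-AzSentinelIncident -ResourceGroupName $ResourceGroup -WorkspaceName $WorkspaceName

# Status is New (nobody has looked), Active (being worked) or Closed.
$open = $incidents | Where-Object { $_.Status -eq 'New' }

# Order severities explicitly; alphabetical order would put High after Informational.
$severityRank = @{ High = 0; Medium = 1; Low = 2; Informational = 3 }

"Untriaged incidents by severity:"
$open | Group-Object Severity |
    Sort-Object { $severityRank[$_.Name] } |
    Format-Table Name, Count -AutoSize

"Overdue (New for more than $StaleAfterHours hours):"
$cutoff = (Get-Date).ToUniversalTime().AddHours(-$StaleAfterHours)
$open | Where-Object { $_.CreatedTimeUtc -lt $cutoff } |
    Sort-Object CreatedTimeUtc |
    Format-Table Number, Severity, Title, CreatedTimeUtc -AutoSize
```

Run this on a schedule and the overdue list becomes the metric to watch: a growing backlog of New incidents usually means the analytics rules are too noisy, not that the team is slow.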

Is Azure Sentinel free?

It is free for the first 31 days only, as a free trial. After that, you pay based on your usage and other parameters.

What does Azure Sentinel do

It helps you detect possible threats, investigate possible and suspicious activities with the built-in AI, and respond to incidents immediately.

Final Words

In this article, we have discussed a complete tutorial on Azure sentinel. I hope you have some idea of what Azure sentinel is. Thanks for reading this article !!!