It is quite important to safeguard your enterprise data. This article is a complete tutorial on Azure Sentinel (now called Microsoft Sentinel): what it is, how it works, and how to set it up.
What is Azure Sentinel
Microsoft Azure Sentinel is a cloud-native security information and event management (SIEM) solution with built-in AI that can scan your whole enterprise's security data quickly and help keep your critical data safe. It provides an intelligent security analytics and threat detection platform with automated response functionality.
Azure Sentinel Architecture
What is Azure Sentinel used for
- Collects data across devices, users and applications, from both cloud and on-premises environments.
- Detects possible threats and investigates suspicious activities with the help of the built-in AI.
- Helps you respond to incidents immediately.
Benefits of Azure Sentinel
Below are a few key benefits of Microsoft Sentinel.
Quick Aggregation of your Data with built-in AI
Quickly collects security data from all users, devices, on-premises environments and multiple cloud environments, with the help of the built-in AI.
Smart Threat Detection
It uses smart threat detection algorithms to help your organization quickly identify the affected areas.
Quick Security Alert
Even with a huge amount of data, Azure Sentinel can send quick alerts to the respective IT security teams when suspicious activity is detected, so that the team can take the necessary actions to fix the issue as soon as possible.
Built-in automation and orchestration support
It supports built-in automation and orchestration, which helps you automate and speed up the response to these issues.
Simple Dashboards
It provides simple, easy-to-use dashboards that clearly visualize all the data collected from different sources.
How does Azure Sentinel work
Azure Sentinel works in the different stages mentioned below.
Collection of Data from different sources
It collects all security data from different devices, users, applications and environments, both on-premises and cloud, with the help of data connectors and the available out-of-the-box solutions.
It is well integrated with other Microsoft solutions such as O365, Microsoft Defender and Microsoft 365 Defender.
Threat Detection
It scans the collected data and identifies possible threats using analytics rules and threat intelligence. The analytics rules play an important role in correlating alerts into incidents, and they also let you create your own threat detection rules.
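An added example of what such a threat detection rule looks like in practice (this is not code from the original article). It creates a scheduled analytics rule with the Az.SecurityInsights PowerShell module, using a KQL query over the Azure AD SigninLogs table that the tutorial connects later. The resource group and workspace names are placeholders, and the cmdlet parameters are as documented for Az.SecurityInsights; check them against the module version you have installed.

```powershell
# Added example, not part of the original article.
# Assumes the Az.SecurityInsights module is installed and Connect-AzAccount has already been run.
$rg        = "rg-sentinel-demo"    # placeholder resource group
$workspace = "law-sentinel-demo"   # placeholder Log Analytics workspace that Sentinel is enabled on

# KQL over the Azure AD sign-in logs. ResultType "0" is a successful sign-in;
# any other value is a failure. Ten or more failures for one account within an
# hour is surfaced with the addresses involved so an analyst can triage it.
$kql = @'
SigninLogs
| where TimeGenerated > ago(1h)
| where ResultType != "0"
| summarize FailedAttempts = count(),
            DistinctIPs    = dcount(IPAddress),
            FirstFailure   = min(TimeGenerated),
            LastFailure    = max(TimeGenerated)
          by UserPrincipalName
| where FailedAttempts >= 10
| project UserPrincipalName, FailedAttempts, DistinctIPs, FirstFailure, LastFailure
'@

# Scheduled rule: Sentinel runs the query every hour over the last hour of data.
# Any returned row (TriggerThreshold 0 with GreaterThan) raises an alert, and
# Sentinel groups the alerts into an incident on the Incidents page.
New-AzSentinelAlertRule -ResourceGroupName $rg -WorkspaceName $workspace `
    -Kind Scheduled `
    -DisplayName "Repeated failed sign-ins for one account" `
    -Description "Ten or more failed Azure AD sign-ins for a single account within one hour." `
    -Severity Medium `
    -Enabled `
    -Query $kql `
    -QueryFrequency (New-TimeSpan -Hours 1) `
    -QueryPeriod    (New-TimeSpan -Hours 1) `
    -TriggerOperator GreaterThan `
    -TriggerThreshold 0
```

Before enabling a rule like this on production data, run the query on its own in the Logs blade and tune the threshold to your tenant: a service account that retries a bad password will trip it every hour, so you want the number high enough that it does not drown the security team in noise.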
Process of Investigation
It helps you hunt for and investigate the root cause of threats or suspicious activities with the help of artificial intelligence.
Create Security Alerts and Respond to incidents
It notifies the respective security team with the threat details and suspicious activities, and it responds quickly to incidents, speeding up and automating the process with the built-in automation and orchestration feature.
How to set up Azure Sentinel
Note that there is no separate Azure Sentinel login: you access the service by logging in to the Azure Portal. Follow the simple steps below to set up Microsoft Sentinel.
1. Log in to the Azure portal.
2. Search for Microsoft Sentinel and click on the Microsoft Sentinel search result.
3. Click on the + Create button or Create Microsoft Sentinel button.
4. Now, you need to create a workspace, and to create it, click on the + Create a new workspace button.
5. On the Create Log Analytics workspace window, click the Basics tab and provide the details below:
- Subscription: Select the Azure subscription that you want to use here.
- Resource Group: Select an existing resource group, or if you want, click the Create new link to create a new Resource Group.
- Name: Provide a unique name for the instance.
- Region: Select the region.
Keep the other options as they are on the other tabs.
Click on the Review + Create button.
6. It will validate all the details you provided and then show you the "validation passed" message. The Create button is now enabled; click it to create the Log Analytics workspace.
7. Click the Connect button under the Collect data section to add a connector.
8. You will see the list of available connectors; choose the one that fits your requirement.
9. Select the data connector you need to proceed further.
For example, search for and select the Azure Active Directory connector. It streams the events and the different types of logs found in Azure Active Directory to Azure Sentinel.
10. Click on the Open connector page button.
11. The connector page lists the prerequisites needed to connect to your Azure Active Directory.
12. Now choose the type of logs you wish to capture under the Configuration section, then click the Apply Changes button to save the changes.
Azure Sentinel will now capture the Audit and Sign-in logs from your Azure AD.
To monitor the data, connect the workbooks using the instructions below.
13. Click on the Next Steps tab next to the Instructions tab.
14. Choose a workbook from the Recommended Workbooks section, or click on the Go to Workbooks gallery link and choose a workbook from there.
15. This example uses the Azure AD Audit logs workbook. Click the View Template button to view the template, and then click the Save button.
16. On the next pop-up, choose the location to save this workbook –> Click the OK button.
You can repeat step-14 to step-16 for all the workbooks that you have selected.
To see the events and logs using the workbooks, you can follow the instructions below.
- On the Microsoft Sentinel page, click Workbooks in the left navigation –> Click on the View saved workbooks button.
- Click on each workbook to see the logs and other activities.
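The same setup as a script, added here as an example and not taken from the original article: it creates the resource group and Log Analytics workspace (steps 3 to 6), enables Microsoft Sentinel on it, and then checks that the Azure AD Audit and Sign-in logs are actually arriving before you start depending on workbooks or detection rules. The Azure AD connector itself (steps 9 to 12) is still configured in the portal as described above. Names and the region are placeholders; the cmdlets are from the Az.Resources, Az.OperationalInsights and Az.SecurityInsights modules, as documented.

```powershell
# Added example, not part of the original article. Placeholders below must be replaced.
# Assumes the Az.Accounts, Az.Resources, Az.OperationalInsights and Az.SecurityInsights modules are installed.
$rg        = "rg-sentinel-demo"    # placeholder resource group
$workspace = "law-sentinel-demo"   # placeholder workspace name (must be unique)
$location  = "eastus"              # placeholder region

Connect-AzAccount | Out-Null       # interactive sign-in, the same identity you use in the portal

# Step 5: resource group and the Log Analytics workspace that Sentinel sits on top of.
if (-not (Get-AzResourceGroup -Name $rg -ErrorAction SilentlyContinue)) {
    New-AzResourceGroup -Name $rg -Location $location | Out-Null
}
$ws = New-AzOperationalInsightsWorkspace -ResourceGroupName $rg -Name $workspace `
        -Location $location -Sku PerGB2018 -RetentionInDays 90

# Steps 3 and 6: enable Microsoft Sentinel on the workspace (called "onboarding" in the API).
New-AzSentinelOnboardingState -ResourceGroupName $rg -WorkspaceName $workspace -Name "default" | Out-Null

# After the Azure AD connector has been applied in the portal (steps 9-12), confirm that
# both tables are receiving rows. "isfuzzy=true" keeps the query valid when a table
# does not exist yet, which is the case until the first event lands.
$check = @'
union isfuzzy=true SigninLogs, AuditLogs
| summarize Rows = count(), Newest = max(TimeGenerated) by Type
'@
$result = Invoke-AzOperationalInsightsQuery -WorkspaceId $ws.CustomerId -Query $check `
            -Timespan (New-TimeSpan -Hours 24)

if (-not $result.Results) {
    Write-Warning "No Azure AD rows yet; the connector can take some minutes to deliver its first events."
} else {
    # One row per table, with how many events arrived and the newest timestamp.
    $result.Results | Format-Table Type, Rows, Newest
}
```

The final query is the check worth keeping: a connector that shows as connected but whose tables stay empty is the most common reason a workbook or an analytics rule shows nothing, so verify the data flow once before trusting either.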
FAQs
How to see the incidents reported
To see the incidents reported in Azure Sentinel, follow the quick step below.
- Navigate to the Microsoft Sentinel page –> Click on the Incidents link from the left navigation.
Is Azure Sentinel free?
It is free only for the first 31 days, as a free trial. After that, you pay based on your usage and other parameters.
What does Azure Sentinel do
It helps you detect possible threats, investigate suspicious activities with the built-in AI, and respond to incidents immediately.
Final Words
In this article, we have gone through a complete tutorial on Azure Sentinel. I hope you now have a good idea of what Azure Sentinel is. Thanks for reading this article!
I am Rajkishore, and I have over 14 years of experience in Microsoft Azure and AWS, with good experience in Azure Functions, Storage, Virtual Machine, Logic Apps, PowerShell Commands, CLI Commands, Machine Learning, AI, Azure Cognitive Services, DevOps, etc. Not only that, I do have good real-time experience in designing and developing cloud-native data integrations on Azure or AWS, etc. I hope you will learn from these practical Azure tutorials. Read more.