Azure Sentinel / Microsoft Sentinel

• Azure Sentinel is now called Microsoft Sentinel.
• Definition: Sentinel is a security information and event management tool.
• This is a widely used and common tool for any cloud infrastructure and works like this:
  • Step 1: Data is collected from a range of sources, such as your network controllers, virtual machines, DNS traffic managers, and much more.
  • Step 2: The data is aggregated and normalized. This just means that it's sort of sorted and made a bit more usable.
  • Step 3: The data is analyzed, and any threats are detected.
  • Step 4: Then Sentinel does some background work with the data collected.
  • Step 5: Then any security breaches and threats are identified, and you can investigate and take appropriate action.
• In other words, Sentinel will do most of the heavy lifting before you even start investigating a potential security alert.
• One of the features that set Sentinel apart from other SIEMs is behavioral analytics.
• Using artificial intelligence, Sentinel will learn about patterns and behaviors to identify if something is out of the ordinary.
• AWS integration. You can get all the data from your AWS services fed directly into Sentinel for analysis and threat detection.
• Limitless speed and scale. Sentinel will take advantage of the huge resources on Azure to be even faster and scale to match your needs.