techorama, deep knowledge IT conference
May 06 - 08 | 2024 Antwerp | Belgium

Cyber Security: Protect Your Organization with Microsoft Sentinel

Monday 06 May

09:00 - 17:00

Els Putzeys

The cyber threat landscape has changed dramatically over the last couple of years. How can you keep up with ever evolving security threats and sophisticated attacks? You can collect a lot of information using a variety of tools, but who is going to sift through all that data? And how do you differentiate legitimate actions from malicious ones?
In this workshop you will learn how Sentinel can help you accomplish these goals.
Module 1: Microsoft Sentinel to the rescue
In this module you will learn what Sentinel is all about and how it can play an important role in keeping your organization save. You will activate Sentinel in your Azure subscription and start collecting data from a variety of data connectors. You will learn how to configure threat intelligence indicators and watch lists to keep a close eye on suspicious entities. By enabling User and Entity Behavior Analytics you can more easily identify the bad actors from the good ones.
Module 2: Analytics, Investigation and Hunting
Once data is being collected, you need to start analyzing all the events found to identify the suspicious activities and investigate those further. In this module you will learn how to use built-in rules and custom rules to generate alerts. The investigation page gives you a lot of insights in the alert, the suspicious activity and the entities involved. If needed you can also proactively hunt for threats and take action before any real damage is done.
Module 3: Automation
All these events and incidents require some automation to help you handle things more efficiently. Sentinel supports the use of automation rules to assign an incident to a person, to change the severity of the incident or to add some useful information for the security operator to make more informed decisions. Sentinel playbooks, based on Azure Logic apps, can be assigned to an incident to automate a variety of actions.
Module 4: Workbooks
Visualization of what is going on in your company in terms of security is another important aspect of the security operator's life. By creating Sentinel workbooks you can easily create a dynamic dashboard that can provide valuable insights in your security situation. In this module you will learn how to create and customize these workbooks.

Els Putzeys is an author, speaker and full-time trainer at U2U. She has over 15 years of experience in the industry. In recent years, she has a strong focus on Microsoft Azure and Microsoft 365 technologies. At U2U, she is responsible for developing and maintaining training courses on Infrastructure, Deployment, Security and Compliance.