techorama, deep knowledge IT conference
May 06 - 08 | 2024 Antwerp | Belgium

Cyber Security: Protect Your Organization with Microsoft Sentinel

Monday 06 May

09:00 - 17:00

Els Putzeys

The cyber threat landscape has changed dramatically over the last couple of years. How can you keep up with ever-evolving security threats and sophisticated attacks? You can collect a lot of information using a variety of tools, but who is going to sift through all that data? And how do you differentiate legitimate actions from malicious ones?

In this workshop you will learn how Microsoft Sentinel can help you answer these questions.

Prerequisites:

  • Azure subscription with Owner permission
  • If you do not have access to an Azure subscription, one can be provided to you by the instructor


Module 1: Microsoft Sentinel to the rescue

In this module you will learn what Sentinel is all about and how it can play an important role in keeping your organization safe. You will enable Sentinel on a Log Analytics workspace in your Azure subscription and start collecting data through a variety of data connectors. You will learn how to configure threat intelligence indicators and watchlists to keep a close eye on suspicious entities. By enabling User and Entity Behavior Analytics (UEBA) you can more easily distinguish bad actors from legitimate users.

Module 2: Analytics, Investigation and Hunting

Once data is being collected, you need to start analyzing the events to identify suspicious activities and investigate them further. In this module you will learn how to use built-in and custom analytics rules to generate alerts and incidents. The investigation page gives you a lot of insight into the alert, the suspicious activity and the entities involved. If needed you can also proactively hunt for threats and take action before any real damage is done.
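To make the watchlist and custom-rule concepts from Modules 1 and 2 concrete, here is an added example of a scheduled analytics rule query written in KQL. It is not part of the workshop material. It assumes a watchlist named HighRiskIPs (an assumed name) whose SearchKey column holds IP addresses, and that the Microsoft Entra ID connector is populating the SigninLogs table. The rule fires when an account signs in successfully from an address on the watchlist.

```kql
// Added example, not from the workshop: scheduled analytics rule query.
// Assumes a Sentinel watchlist 'HighRiskIPs' (assumed name) with IP addresses
// in its SearchKey column, and SigninLogs fed by the Microsoft Entra ID connector.
let riskyIps = _GetWatchlist('HighRiskIPs')
    | project IPAddress = tostring(SearchKey);
SigninLogs
| where TimeGenerated > ago(1h)          // match the rule's query frequency / lookback
| where ResultType == "0"                // only successful sign-ins (ResultType is a string)
| where IPAddress in (riskyIps)          // join against the watchlist
| summarize SignInCount = count(),
            FirstSeen   = min(TimeGenerated),
            LastSeen    = max(TimeGenerated)
          by UserPrincipalName, IPAddress, AppDisplayName
```

When saving this as a scheduled rule, map UserPrincipalName to the Account entity and IPAddress to the IP entity in the rule's entity mapping so that the investigation page and UEBA can link the incident to the right user and address. Set the query frequency and lookback period to the same one-hour window used in the `ago(1h)` filter to avoid duplicate or missed matches.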

Module 3: Automation

Handling this volume of events and incidents efficiently requires automation. Sentinel supports automation rules that can assign an incident to a person, change the severity of the incident, or add useful information that lets the security operator make more informed decisions. Sentinel playbooks, based on Azure Logic Apps, can be triggered for an incident to automate a variety of response actions.

Module 4: Workbooks

Visualizing what is going on in your company in terms of security is another important aspect of the security operator's life. With Sentinel workbooks you can easily build a dynamic dashboard that provides valuable insight into your security posture. In this module you will learn how to create and customize these workbooks.

Els Putzeys is an author, speaker and full-time trainer at U2U. She has over 15 years of experience in the industry.

In recent years she has focused strongly on Microsoft Azure and Microsoft 365 technologies.

At U2U, she is responsible for developing and maintaining training courses on Infrastructure, Deployment, Security and Compliance.