Full series information: aka.ms/learnlive-202302FT
More info here: aka.ms/learnlive-202302FT-Ep15
This session provides a guide to logically executing a Microsoft Sentinel deployment and highlights some of the key components through demonstration.
---------------------
Learning objectives
- Explain Microsoft Sentinel Cost
- Discuss architectural considerations with Microsoft Sentinel
- Demonstrate how to collect alerts from Microsoft security products into Microsoft Sentinel for a single-pane-of-glass view
- Unify security tools so they talk to each other, including third-party data connectors and solutions from Content Hub
- Create visualization of data using Workbooks
- Demonstrate and talk through Microsoft Sentinel features across the Collect, Detect, Investigate and Respond process, leveraging User Entity Behavior Analytics (UEBA)
---------------------
Chapters
--------
00:11 - Welcome and Introduction
01:41 - Learning Materials and Links
02:17 - Learning Objectives
03:52 - Sentinel Phase 1: Collect
04:34 - Sentinel Architecture Design Considerations
07:48 - Sentinel Cost and Pricing
11:27 - Log Analytics Walkthrough - Estimated Cost and Retention
15:09 - Sentinel GitHub and All-in-One Deployment Tool
18:16 - Key Checkpoints in Sentinel Set-up
22:36 - Sentinel Roles and Permissions
25:07 - Content Hub Discussion
29:11 - Data Connectors and Data Ingestion
39:55 - Sentinel Phase 2: Detect
41:55 - User Entity Behavior Analytics and Analytic Rules
47:02 - Out-of-the-box Native and Third-Party Data Source Analytic Rules
51:39 - MITRE ATT&CK Panel - Using it to Choose Analytic Rules
1:03:04 - Sentinel Phase 3: Incident and Alert Investigation
1:10:07 - Incident Enrichment
1:11:41 - Incident Actions and Tasks
1:14:20 - Entity Investigation
1:19:34 - Sentinel Phase 4: Respond
1:20:08 - Watchlists
1:21:07 - Playbooks
1:25:15 - Automation Rules
1:28:11 - Questions and Conclusion
---------------------
Presenters
Andre Murrell
Azure Customer Engineer
Microsoft
- LinkedIn: / andre-murrell
Simona Kovatcheva
Senior Cloud Security Engineer
Microsoft
- LinkedIn: / simona-kovatcheva
Moderators
Rudnei Oliveira
Senior Customer Engineer
Microsoft
- LinkedIn: / rudnei-oliveira-69443523
Jun 12, 2023