Improve security with Azure Sentinel – A cloud-native SIEM and SOAR solution

"Cloud security is a hot topic for a long time. Nowadays, Cloud services are growing popularity
and rapidly. Some people steal information or breach security holes without entire security
monitoring system."

Azure+Cloud PlatformAzure

2020-05-21

Cloud security is a hot topic for a long time. Nowadays, Cloud services are growing popularity and rapidly. Some people steal information or breach security holes without entire security monitoring system.

Microsoft Azure Sentinel is a cloud-native Security Information and Event Management (SIEM), Security Orchestration, Automation and Response (SOAR) solution. Microsoft has provided Azure Sentinel with preconfigured dashboards that provide insight into the various data sources. Security manager can customize all dashboards at any time to meet their needs. And customized logic alert can be design and queries as well.

Data sources require data connections which support ” Service to Service integration “, ” External solutions via API ” and ”  External solutions via agent” . 

” Service to Service integration ” support Microsoft and AWS product. For Microsoft product, it supports Azure Active Directory, DNS, Office 365, Microsoft web application firewall and etc.

For Azure Active Directory, Azure Sentinel can check prerequisites and configuration for easy setup. It contains some standard workbooks, queries and analytic rules templates for use.

 

It shows sign-in log in workbooks, query sample and analytic template.

 

In Dashboard, it can be customized to show Azure AD sign-in log, and shows application, location, device and etc.

Azure Sentinel : Azure Active Directory - sign-in log overview

 

For ” External solutions via API “, there’s some API with vendor such as Barracuda, F5, Symantec and etc. It is easy to integrate and import data collection form device to Azure Sentinel.

Azure Sentinel I Data connectors : External solutions via API

 

It shows the whole configuration and some queries and analytic rules templates for barracuda Web Application Firewall data syslog configuration.

Azure Sentinel I Data Connectors : Barracuda Web Application Firewall data syslog configuration

 

Azure Sentinel relies on machine learning to map network behavior and then identify anomalies. It correlates these results to identify critical threats. In dashboards for analysis, Microsoft Azure Sentinel has provided pre-designed templates and playbooks, which make it possible to react quickly and automatically to incidents.

To know more, please feel free to contact our Cloud advisor here.

 

Contact Sales

Customer Service