Microsoft Sentinel Deep-Dive with Henrik Wojcik
Summary
In this episode, Henrik Wojcik, a Microsoft MVP, joins the hosts to discuss Microsoft Sentinel and gives a deep dive into its deployment and day-to-day use. They cover data residency and compliance considerations, separating operational logs from security logs, connectors for data ingestion, analytics rules and alert fatigue, scheduled queries and user and entity behavior analytics (UEBA), playbooks and automation, workbooks and data visualization, and advanced hunting with KQL queries.
Takeaways
- Consider data residency and compliance requirements when deploying Microsoft Sentinel.
- Separate operational logs and security logs to optimize cost and focus on relevant data.
- Use connectors to ingest data from various sources into Microsoft Sentinel.
- Tune analytics rules to avoid alert fatigue and focus on valuable alerts.
- Use scheduled queries and UEBA to identify suspicious behavior and automate investigations.
- Leverage playbooks and automation to streamline incident response and reduce manual effort.
- Create workbooks for data visualization and customize them to display relevant information.
- Explore advanced hunting with KQL queries to proactively search for threats and investigate incidents.
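To make the "tune analytics rules" and "advanced hunting with KQL" takeaways concrete, here is an added example of a scheduled analytics rule query; it is written for these notes and is not code from the episode or from Microsoft. It assumes the Microsoft Entra ID connector is populating the SigninLogs table, and the threshold, lookback window and allow-list IP are constructed placeholders you would tune for your own tenant. The query looks for a burst of failed sign-ins from one IP address followed by a successful sign-in from the same address, which is the pattern a password-spray or brute-force attack leaves behind, and it surfaces only the cases where the success came after the failures so that ordinary typos do not fire the rule.

```kql
// Added example (not from the episode): scheduled analytics rule query for
// failed-sign-in burst followed by a success from the same source IP.
// Assumes the Entra ID connector is populating SigninLogs.
let lookback = 1h;                            // match the rule's lookback setting
let failureThreshold = 10;                    // raise to cut noise, lower to catch slow sprays
let knownGoodIPs = dynamic(["203.0.113.10"]); // constructed placeholder allow-list (VPN egress, scanners)
// Step 1: failed sign-ins per source IP, excluding allow-listed addresses.
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    // 50126 bad password, 50053 account locked, 50055 password expired, 50056 empty password
    | where ResultType in ("50126", "50053", "50055", "50056")
    | where not(IPAddress in (knownGoodIPs))
    | summarize FailureCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                TargetAccounts = make_set(UserPrincipalName, 50)
      by IPAddress
    | where FailureCount >= failureThreshold;
// Step 2: successful sign-ins in the same window.
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName;
// Step 3: join on IP and keep only successes that follow the failure burst.
failures
| join kind=inner successes on IPAddress
| where SuccessTime > LastFailure
| project IPAddress, FailureCount, FirstFailure, LastFailure, TargetAccounts,
          CompromisedAccount = UserPrincipalName, SuccessTime, AppDisplayName
```

Run it first as a hunting query to see how many rows it returns over a day of data, then save it as a scheduled rule with the lookback equal to the rule's query period, map IPAddress and CompromisedAccount to the IP and Account entities in the rule settings so UEBA and the investigation graph pick them up, and adjust the threshold and allow-list before enabling it; that tuning loop is where alert fatigue is won or lost.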
-------------------------------------------
Youtube Video Link: https://youtu.be/n9dDfmX-A9Q
-------------------------------------------
Documentation:
https://learn.microsoft.com/en-us/azure/sentinel/data-connectors-reference
https://learn.microsoft.com/en-us/azure/sentinel/create-custom-connector
Henrik Wojcik:
https://www.linkedin.com/in/henrikfrandswojcik/
https://twitter.com/henrikwojcik
----------------------
Contact Us:
Threads: https://www.threads.net/@bluesecuritypodcast
-------------------------------------------
Andy Jaw
-------------------------------------------
Adam Brewer
Email: adam@bluesecuritypod.com