Describe security capabilities of Microsoft Sentinel Flashcards
Security information and event management (SIEM)
tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources
does analysis
looks for correlations / anomalies
generates alerts and incidents
Security orchestration automated response (SOAR)
takes alerts from many sources - such as SIEM
triggers action driven automated workflows & processes to run security tasks that mitigate the issue
t or f
tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources
true
Microsoft Sentinel
scalable cloud native SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence
provides a single solution for alert detection, threat visibility, proactive hunting, and threat response
Microsoft Sentinel
End to end functionality of Microsoft Sentinel
Collect
Detect
Investigate
Respond
Connect Sentinel to your data
Microsoft Defender XDR solutions
Microsoft 365 sources
Microsoft Entra & more
Workbooks
monitor the data using Sentinel integration with Azure Monitor Workbooks
intended for SOC engineers and analysts of all tiers to visualize data
workbooks
type of workbooks
create custom
built in workbook templates
Analytics
correlate alerts into incidents
Incidents
groups of related alerts that together create an actionable possible threat that you can investigate and resolve
Incident management
manage lifecycle of an incident
view all related alerts to said incident
triage and investigate
Security playbooks
a collection of procedures that can help SOC engineers and analysts of all tiers to automate and simplify tasks
How do playbooks work best?
with single, repeatable tasks, and require no code knowledge
Investigation
tools to help you understand the scope of a potential security threat and find the root cause
Hunting
search and query tools to proactively hunt for security threats
Jupyter Notebooks
open source web app that allows you to create and share documents that contain live code, equations, visualizations, and narrative text
Community
powerful resource for threat detection and automation.
constantly create and add new
- workbooks
- playbooks
- hunting queries
- etc.
Content hub
centralized location to discover and manage out of the box packaged solutions
top security challenges organizations face
increase in number of sophisticated attacks
talent shortage that is driving the need for automation, integration, and consolidation of security tools
visibility into security, privacy, compliance, governance
Microsoft Security Copilot
AI security product
help defend organizations at machine speed and scale
respond to threats quickly, process signals, assess risk exposure
The center of Microsoft Security Copilot is
the prompt bar where security analysts can ask questions in natural language
3 primary use cases for Microsoft Security Copilot
Security posture management
Incident response
Security reporting
Security posture management
Copilot delivers information on anything that might expose an organization to a known threat
gives guidance
Incident response
quickly surface an incident
Security reporting
copilot can deliver customizable reports that are ready to share
As the lead admin, it’s important to convince your team to start using Microsoft Sentinel. You’ve put together a presentation. What are the four security operation areas of Microsoft Sentinel?
Collect, Detect, Investigate, and Respond
Your estate has many different data sources where data is stored. Which tool should be used with Microsoft Sentinel to quickly gain insights across your data as soon as a data source is connected?
Azure Monitor Workbooks