Episode

OPS103 - Securing your Hybrid environment – Part 2 - Azure Sentinel

Anthony sits down with Sarah Young, Sr. Program Manager for all things Security related, to discuss use of Azure Sentinel on a hybrid environment. The pair discuss how log analytics is ingested, reviewed, reported on and how attacks are remediated with data coming from both on-premises and in cloud environments.

✔️ Resources:
IT Ops Talks Hybrid Event: https://aka.ms/ITOpsTalks
IT Ops Talk Azure Sentinel Blog post: https://aka.ms/ops103-blog
IT Ops Talk Azure Sentinel Community Chat: https://aka.ms/ops103-chat
Learn More About Azure Sentinel: https://aka.ms/ops103-learnmore
Azure Sentinel Documentation: https://aka.ms/ops103-docs
Azure Sentinel Learn modules: https://aka.ms/ops103-learn
Azure Sentinel Ninja Training: https://aka.ms/ops103-ninja
Azure Sentinel Tech Community: https://aka.ms/ops103-techcom
Azure Sentinel GitHub Repo: https://aka.ms/ops103-github

🔴 To watch more sessions from the IT Ops Talks: All Things Hybrid event check out our playlist: https://www.youtube.com/playlist?list=PLjt5SKzX1iI8k8_I80quMWgeNdSGyXzaF

🔖 Chapters:
0:00 Introduction
0:24 Does Azure Sentinel only protect cloud environments?
5:36 Data Connectors demo
7:04 Common Event Format (CEF) demo
8:44 Syslog walkthrough
9:21 Security Events walkthrough
13:50 Does sending on-prem data up to the SEIM invoke latency?
16:30 GitHub repo and outside submissions of security templates
22:00 Log Analytics workspaces demo
23:51 Sentinel Reporting demo
25:49 Analytics rule wizard demo
34:00 Analytics data source filtering demo
35:09 Sentinel Incidents and Investigations demo
39:37 Logic Apps and Automation demo
49:28 Sentinel and On-premises Active Directory protection
51:40 Wrap Up

Azure
Sentinel