Microsoft Azure Sentinel

Microsoft Azure Sentinel is fast becoming a very powerful SIEM and, IMO, I think it's going to take the lead for the following reasons:

For all of the above reasons, I am going to learn Azure Sentinel in more depth and hopefully build a cyber range using my MSDN subscription.

Gaps

  • Certification
    • FIPS 140-2 Compliance
    • WCAG 2.1 (Section 508)
  • Multi-tenancy / MSSP
  • Local customer references
  • Transferring logs from on-prem to the cloud involves complicated networking; if you need to send syslog over UDP to a public cloud, it is not going to work.
  • Assessing all your data sources, and how each one will be ingested into Azure Sentinel, is vital. With an on-prem SIEM this is less critical (although you should still do it as best practice), since you can assume an experienced SIEM vendor will support all the obvious formats.
  • Encryption and Data Masking.
  • How do you get your data out? Proprietary lock-in is a huge problem for a SIEM platform: what happens to your data if you decide to break the contract, or if you wish to access that data via a different platform?
  • Datasources
  • Azure Monitor and Sentinel can take up to 8 hours to populate a suspicious log.
  • I recall when everyone moved to Office 365 and didn't bother to maintain a strong Email Security Gateway and just went with Office 365; a lot of customers got hit with Cryptolockers because of this decision, all for DX transformation. You need properly security-experienced people in your DX transformation or when building SecOps, as you will end up paying the price.
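The ingestion-delay point above is something you can measure rather than take on trust. The KQL query below is an added example written for this page, not code from the original post or from Microsoft; it assumes nothing beyond a Log Analytics workspace connected to Sentinel. It compares each record's own event time (TimeGenerated) with the time the record became queryable (ingestion_time()) and reports the latency distribution per table, so you can see which data sources are lagging badly enough to hurt detection and decide whether an alert rule's lookback window needs to be widened.

```kql
// Added example (not from the original post): measure end-to-end ingestion
// latency per table over the last 24 hours.
// TimeGenerated   = timestamp carried by the event itself
// ingestion_time() = time Log Analytics made the record queryable
// A large gap means detections with a short lookback window may never see
// the event. 'search *' scans every table and is expensive on large
// workspaces; narrow it to the tables you care about when running regularly.
search *
| where TimeGenerated > ago(24h)
// Guard against clock skew producing negative or absurd values.
| where ingestion_time() >= TimeGenerated
| extend LatencySeconds = datetime_diff('second', ingestion_time(), TimeGenerated)
| summarize
    Records        = count(),
    MedianSeconds  = percentile(LatencySeconds, 50),
    P95Seconds     = percentile(LatencySeconds, 95),
    MaxSeconds     = max(LatencySeconds)
  by Table = $table
// Flag any table whose 95th-percentile latency exceeds one hour.
| extend ExceedsOneHour = P95Seconds > 3600
| order by P95Seconds desc
```

Run it once to baseline each source, then keep the tables with ExceedsOneHour set under review: for those, either fix the forwarding path (the syslog-over-UDP problem above is a common cause) or make sure the analytics rules that depend on them use a lookback longer than the observed P95Seconds.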

Azure SOC Process Framework

SOC Process Framework with Sentinel, and how to build a SOC and operationalize Security Operations:
Credit: Rin Ure
https://lnkd.in/dR242uYK
Main SOC Process Framework:
https://lnkd.in/dfNcpTB2
Process Framework Workbook:
https://lnkd.in/d_Pcxsrc
Get SOC Action Playbooks:
https://lnkd.in/d4czpZ4K
Incident Overview (with Remediation) Workbook:
https://lnkd.in/dKXkcCmX
What’s New: Azure Sentinel – SOC Process Framework 8 Part Video Series!
https://lnkd.in/d7wAvipW
SOCAnalystActionsByAlert.csv:
https://lnkd.in/dHs3p4Va
