Azure Sentinel - Frequently Asked Question
WH Question regarding Azure Sentinel.
1. What is Azure Sentinel?
2. Does it has own set of data?
3. How its differs from Azure Security Center?
Where as Azure Sentinel is cloud native Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tool. It primary job is to collect data from various sources, such as Log Analytics, third party data sources and perform data analytics based its intelligent powered by Machine Learning.
4. What is the prerequisites?
At least one Log Analytics Workspace, which works as the primary source of the information required for sentinel to operated. We can run custom code on those data sources to get the analytics and responses which meets needs.
5. What are the 4 pillars of Azure Sentinel?
Four pillars are Collect, Detect, Investigate and Respond.
6. What are the different data sources available?
I prefer to categorize it into 2, native data sources such as Azure Activity, System Center, Active Directory and third party sources such as Palo Alto, Check Point, F5 and others.
7. What is the easy data connector to test functionality?
If Azure Activity logs is the best way to start. Make sure its connect to the workspace.
8. What about connecting Azure Security Center?
Yes, we can do it but it required upgrade, Azure Security Center Standard is required. By default we will have free tier, which is provides continuous assessment and security recommendation along with Azure Secure Score. But, free tier can no be connect to as Data Source.
9. What is the easy ways to test?
We can start with Azure Activity Log and Syslog.
10. How to remove Sentinel?
1. What is Azure Sentinel?
Its the Cloud Native SEIM tools which helps to provide the insights into the overall infrastructure. It has multiple data sources which can be connected. By default, it will be connect to the log analytics workbook.
2. Does it has own set of data?
No, all its analytics is based on the KUSTO Query which will be pre-written(git-hub), and run against the data which is already collected by log analytics. Further more, it can have Microsoft native data sources such as Active Directory Logs, or third party products such as Palo Alto, F5.
3. How its differs from Azure Security Center?
Azure Security Center is much more focus on providing the health/hygiene of the infrastructure. Its performed the calculation based on the points and presented. Once the recommendation are meet, it changes the score to the acceptable level.
Where as Azure Sentinel is cloud native Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tool. It primary job is to collect data from various sources, such as Log Analytics, third party data sources and perform data analytics based its intelligent powered by Machine Learning.
4. What is the prerequisites?
At least one Log Analytics Workspace, which works as the primary source of the information required for sentinel to operated. We can run custom code on those data sources to get the analytics and responses which meets needs.
5. What are the 4 pillars of Azure Sentinel?
Four pillars are Collect, Detect, Investigate and Respond.
6. What are the different data sources available?
I prefer to categorize it into 2, native data sources such as Azure Activity, System Center, Active Directory and third party sources such as Palo Alto, Check Point, F5 and others.
7. What is the easy data connector to test functionality?
If Azure Activity logs is the best way to start. Make sure its connect to the workspace.
8. What about connecting Azure Security Center?
Yes, we can do it but it required upgrade, Azure Security Center Standard is required. By default we will have free tier, which is provides continuous assessment and security recommendation along with Azure Secure Score. But, free tier can no be connect to as Data Source.
9. What is the easy ways to test?
We can start with Azure Activity Log and Syslog.
10. How to remove Sentinel?
- Navigate to the Log Analytics Workspace
- Select Solution in the blade,
- Click at "SecurityInsight(yourloganalyticsworkspaceaname)
- Click at Delete.
Comments
Post a Comment