Describe security capabilities of Microsoft Sentinel Flashcards

1
Q

What is security information and event management (SIEM)?

A

A SIEM system is a tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources. It does analysis, looks for correlations or anomalies, and generates alerts and incidents.

2
Q

What is security orchestration automated response (SOAR)?

A

A SOAR system takes alerts from many sources, such as a SIEM system. The SOAR system then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.

3
Q

What is Microsoft Sentinel?

A

Microsoft Sentinel is a scalable, cloud-native SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence across the enterprise. It provides a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Sentinel offers end-to-end functionality like:
- Collect data at cloud scale across all users, devices, applications, and infrastructure.
- Detect threats
- Investigate
- Respond

4
Q

Describe Microsoft Security Copilot

A

Microsoft Security Copilot is the first and only generative AI security product to help defend organizations at machine speed and scale. It’s an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes.

The primary use cases are:
- Security posture management: Security Copilot delivers information on anything that might expose an org to a known threat.
- Incident response: Security Copilot can quickly surface an incident, assess its scale and impact, and guide the analyst through the response steps.
- Security reporting: Security Copilot can deliver customizable reports.
