Describe capabilities of Microsoft Sentinel Flashcards

1
Q

Security Information and Event Management (SIEM)

A

A SIEM system is a tool that an organization uses to collect data from across the whole estate, including infrastructure, software, and resources. It does analysis, looks for correlations or anomalies, and generates alerts and incidents.

2
Q

Security Orchestration Automated Response (SOAR)

A

A SOAR system takes alerts from many sources, such as a SIEM system. The SOAR system then triggers action-driven automated workflows and processes to run security tasks that mitigate the issue.

3
Q

Microsoft Sentinel

A

Microsoft Sentinel is a scalable, cloud-native SIEM/SOAR solution that delivers intelligent security analytics and threat intelligence across the enterprise. It provides a single solution for alert detection, threat visibility, proactive hunting, and threat response.

-Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
-Detect previously undetected threats and minimize false positives using analytics and unparalleled threat intelligence.
-Investigate threats with artificial intelligence (AI) and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft.
-Respond to incidents rapidly with built-in orchestration and automation of common security tasks.

4
Q

Key features of Microsoft Sentinel

A

-Connect Sentinel to your data: Sentinel comes with many connectors for Microsoft solutions, available out of the box and providing real-time integration.

-Workbooks: After you connect data sources, you can monitor the data using the Microsoft Sentinel integration with Azure Monitor Workbooks.

-Analytics: Sentinel uses analytics to correlate alerts into incidents. Incidents are groups of related alerts that together form an actionable possible threat that you can investigate and resolve.

-Manage incidents: Allows you to manage the lifecycle of the incident.

-Security automation and orchestration with playbooks: Automate some of your security operations and make your security operations center (SOC) more productive. Microsoft Sentinel integrates with Azure Logic Apps, so you can create automated workflows, or playbooks, in response to events.

-Investigation tools: Help you to understand the scope of a potential security threat and find the root cause.

-Hunting: Proactively hunt for security threats across your organization’s data sources.

-Notebooks: Jupyter Notebook is an open-source web application that allows you to create and share documents that contain live code, equations, visualizations, and narrative text. You can use Jupyter notebooks in Microsoft Sentinel to extend the scope of what you can do with Microsoft Sentinel data.

-Community: A powerful resource for threat detection and automation.

-Content hub: Your centralized location to discover and manage out-of-the-box (built-in) packaged solutions.

5
Q

Microsoft Security Copilot

A

Security Copilot is the first and only generative AI security product to help defend organizations at machine speed and scale. It’s an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes.

-Security posture management: Security Copilot delivers information on anything that might expose an organization to a known threat. It then gives the analyst prescriptive guidance on how to protect against those potential vulnerabilities.

-Incident response: Security Copilot can quickly surface an incident. For a surfaced incident, Security Copilot can enrich it with context from other data sources, assess its scale and impact, and provide information on what the source might be.

-Security reporting: Security Copilot can deliver customizable reports that are ready to share and easy to consume, allowing analysts to focus more on high-value tasks pertinent to securing the organization.

The information you give Copilot will only be accessible to your organization. Your data is your data, and it’s protected by comprehensive enterprise compliance and security controls.

-Security Copilot is currently in preview and not yet generally available.
