Overview
This course aims to help learners enhance their cloud-native threat detection and response maturity using Azure Sentinel. The course covers topics such as challenges and threats in the cloud, the limitations of traditional SIEM, and the capabilities of Azure Sentinel as a native cloud solution. Learners will also acquire skills in optimizing ingestion and retention costs, threat hunting, and data enrichment. The teaching method involves a video session delivered as part of a larger event, targeting individuals interested in cloud security and Azure Sentinel optimization.
Syllabus
Intro
THE CHALLENGES IN THE CLOUD
THE THREATS IN THE CLOUD
TRADITIONAL SIEM IS NOT ENOUGH
AZURE SENTINEL - NO LONGER JUST A "SIEM"
AZURE SENTINEL - NATIVE CLOUD SOLUTION
AZURE SENTINEL - SIEM AS CODE
THE SOC MANAGER
OPTIMIZING INGESTION COSTS - FILTERING AT THE SOURCE
OPTIMIZING INGESTION COSTS - SYSLOG DAEMON AND LOGSTASH
OPTIMIZING INGESTION COSTS - CUSTOM CODE
OPTIMIZING RETENTION COSTS
THE SECURITY ANALYST - THREAT HUNTING
THE SECURITY ANALYST - ENRICHMENT
Taught by
Microsoft Ignite