Introducing Microsoft Azure Sentinel, intelligent security analytics for your entire enterprise

Microsoft Azure Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.

Azure Sentinel gives you a bird's-eye view across the enterprise, easing the pressure of increasingly sophisticated attacks, growing alert volumes, and long resolution times.

  • Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
  • Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
  • Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cybersecurity work at Microsoft.
  • Respond to incidents rapidly with built-in orchestration and automation of common tasks.

Fusion

Machine learning is built into Azure Sentinel from the start. The system was designed with ML innovations aimed at making security analysts, security data scientists, and engineers productive. One such innovation is Azure Sentinel Fusion, built specifically to reduce alert fatigue.

Fusion uses graph-powered machine learning algorithms to correlate millions of lower-fidelity anomalous activities from different products, such as Azure AD Identity Protection and Microsoft Cloud App Security, and combine them into a manageable number of high-fidelity security cases.

Enable Fusion:

  1. Open Cloud Shell from the Azure portal. In the Welcome to Cloud Shell window that opens, select PowerShell.
  2. Choose the subscription on which you deployed Azure Sentinel, and select Create storage.
  3. After you are authenticated and your Azure drive is built, run the following command at the prompt. Replace the subscription ID, resource group (AzureSentinel) and workspace name (AzureSentinel2) below with the values for your own deployment; the Fusion setting lives under the Microsoft.SecurityInsights provider of the Log Analytics workspace that Azure Sentinel is attached to:

az resource update --ids /subscriptions/b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8/resourceGroups/AzureSentinel/providers/Microsoft.OperationalInsights/workspaces/AzureSentinel2/providers/Microsoft.SecurityInsights/settings/Fusion --api-version 2019-01-01-preview --set properties.IsEnabled=true --subscription "b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8"

View the status of Fusion (check that properties.isEnabled in the output is true):

az resource show --ids /subscriptions/b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8/resourceGroups/AzureSentinel/providers/Microsoft.OperationalInsights/workspaces/AzureSentinel2/providers/Microsoft.SecurityInsights/settings/Fusion --api-version 2019-01-01-preview --subscription "b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8"
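The two commands above hard-code one subscription, resource group and workspace. The script below is an added example (it is not part of the original post, and not Microsoft's code) that wraps the same enable-and-verify procedure for use in Cloud Shell's Bash: it builds the Fusion setting's resource ID from variables, enables the setting with the same az resource update call, reads it back with az resource show, and fails if the returned properties.isEnabled is not true. The subscription ID, resource group and workspace names are placeholders you must set; the JSON parsing uses grep and sed-free shell only, so it works where jq is not installed.

```shell
#!/usr/bin/env bash
# Added example: enable Azure Sentinel Fusion via the Azure CLI and verify it.
# Not the original post's code. All resource names below are placeholders.

SUBSCRIPTION="${SUBSCRIPTION:-00000000-0000-0000-0000-000000000000}"  # placeholder GUID
RESOURCE_GROUP="${RESOURCE_GROUP:-AzureSentinel}"                      # placeholder
WORKSPACE="${WORKSPACE:-AzureSentinel2}"                               # placeholder
API_VERSION="2019-01-01-preview"

# Build the ARM resource ID of the Fusion setting that hangs off a Log Analytics workspace.
fusion_setting_id() {
  local sub="$1" rg="$2" ws="$3"
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.OperationalInsights/workspaces/%s/providers/Microsoft.SecurityInsights/settings/Fusion' \
    "$sub" "$rg" "$ws"
}

# Pull properties.isEnabled out of the JSON that `az resource show` prints.
# Matches the key case-insensitively, returns "true" or "false", or "unknown"
# when the key is missing (for example, when the setting has never been written).
fusion_state_from_json() {
  local json="$1" value
  value=$(printf '%s' "$json" | tr -d '\n' \
    | grep -ioE '"isenabled"[[:space:]]*:[[:space:]]*(true|false)' | head -n1 \
    | grep -ioE 'true|false' | tr '[:upper:]' '[:lower:]')
  printf '%s' "${value:-unknown}"
}

# Same call as in the post, with the ID assembled from variables. The property
# name is written as the API returns it (isEnabled).
enable_fusion() {
  local id
  id=$(fusion_setting_id "$SUBSCRIPTION" "$RESOURCE_GROUP" "$WORKSPACE")
  az resource update --ids "$id" --api-version "$API_VERSION" \
    --set properties.isEnabled=true > /dev/null
}

# Read the setting back and reduce it to true/false/unknown.
fusion_status() {
  local id
  id=$(fusion_setting_id "$SUBSCRIPTION" "$RESOURCE_GROUP" "$WORKSPACE")
  fusion_state_from_json "$(az resource show --ids "$id" --api-version "$API_VERSION" --output json)"
}

main() {
  local state
  enable_fusion
  state=$(fusion_status)
  if [ "$state" = "true" ]; then
    echo "Fusion is enabled on workspace $WORKSPACE"
  else
    echo "Fusion is NOT enabled on workspace $WORKSPACE (state: $state)" >&2
    return 1
  fi
}

# Only talk to Azure when explicitly asked, so the helpers can be sourced and
# exercised offline:  SUBSCRIPTION=... RESOURCE_GROUP=... WORKSPACE=... ./fusion.sh apply
if [ "${1:-}" = "apply" ]; then
  main
fi
```

Run az login (or use Cloud Shell, which is already authenticated) and confirm with az account show that the active subscription is the one that holds the workspace before running the script with apply; az resource update needs write permission on the workspace. If jq is available, fusion_status can be replaced by az resource show ... --query properties.isEnabled --output tsv.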

Stay tuned...

Khalid Hussain
