{"id":63217,"date":"2022-01-12T08:00:03","date_gmt":"2022-01-12T16:00:03","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/devops\/?p=63217"},"modified":"2022-01-11T07:53:22","modified_gmt":"2022-01-11T15:53:22","slug":"azurefunbytes-episode-64-building-soc-efficiency-with-azure-sentinel-with-rodtrent","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/devops\/azurefunbytes-episode-64-building-soc-efficiency-with-azure-sentinel-with-rodtrent\/","title":{"rendered":"AzureFunBytes Episode 64 – Building SOC Efficiency with @Azure Sentinel with @rodtrent"},"content":{"rendered":"

AzureFunBytes is a weekly opportunity to learn more about the fundamentals and foundations that make up Azure. It’s a chance for me to understand more about what people across the Azure organization do and how they do it. Every week we get together at 11 AM Pacific on Microsoft LearnTV<\/a> and learn more about Azure.<\/p>\n

\"AzureFunBytes<\/p>\n

It’s been a few weeks but AzureFunBytes is back with a new episode all about mitigating risk in the cloud by using tools provided by Azure. If you’re currently deploying workloads in the cloud, how they handle potential intrusions and attacks is crucial. By preventing these security incidents you can build trust with those who may access your applications and IT solutions.<\/p>\n

Microsoft documentation defines the role of the security operation teams<\/a> (also known as Security Operations Center (SOC), or SecOps) is to detect, prioritize, and triage potential attacks. The central SecOps team monitors and analyses security-related telemetry data. Any communication, investigation, or hunting actions must be coordinated with the application team.<\/p>\n

This week we’ll investigate the use cases for implementing the first cloud-native Security and Event Management service (SIEM) Microsoft Sentinel<\/a>. Microsoft Sentinel includes a number of connectors for Microsoft solutions that are ready to use and provide real-time integration, such as Microsoft 365 Defender (formerly Microsoft Threat Protection) solutions and Microsoft 365 sources such as Office 365, Azure AD, Microsoft Defender for Identity (formerly Azure ATP), and Microsoft Defender for Cloud Apps, among others. There are also built-in interfaces for non-Microsoft security solutions to the broader security ecosystem. You can also link your data sources to Microsoft Sentinel using common event formats, Syslog, or REST-API.<\/p>\n

Microsoft Sentinel exists today, in part, because of the gaps in existing tools that were identified as Microsoft began its own journey to the cloud. One of those gaps is around efficiency and scale. In this session, we\u2019ll talk about how Microsoft Sentinel was intentionally and mindfully developed to allow security teams to do more things more quickly without a drain on resources.<\/p>\n

With Sentinel we can:<\/p>\n