“Azure Sentinel correlates data from all those logs and presents events in real time in a single pane of glass.”
A couple of years ago, we made the decision to move to the Microsoft Azure cloud. It was a strategic initiative to move all of our on-premises servers to the cloud. This was a strategic initiative to adopt the cloud for hosting of applications, data warehouse, and key infrastructure components.
This move has made it easier to standardize on Microsoft’s security tools to monitor, protect, and alert on cyberthreats. One of the key services we use within the Microsoft Azure stack is Azure Sentinel. Sentinel has enabled us to consolidate most of our security logs in one single Security Information and Event Management (SIEM) system to ingest logs from multiple security controls such as firewalls, endpoint protection, collaboration suites, Active Directory, DNS traffic, DDoS protection, and others.
We began feeding Azure Sentinel log data from virtual machines; Microsoft 365 Defender (formerly Microsoft Threat Protection); Microsoft Cloud App Security; and Microsoft 365, including OneDrive, Exchange Online, Microsoft SharePoint, and Microsoft Teams. We are monitoring all those tools in Azure Sentinel through data connections available from the Sentinel dashboard. In addition to an extensive list of connections to Microsoft technologies, Azure Sentinel has connections to many non-Microsoft vendors, such as Cisco, Check Point, Barracuda, Citrix, and Amazon Web Services. These connections would be beneficial to anyone with a more complex or multi-cloud infrastructure.
This is an excerpt from 7 Experts on Implementing Azure Sentinel. This eBook was generously sponsored by BlueVoyant.