Microsoft Azure Sentinel is a security information and event management (SIEM) system with security orchestration, automation, and response (SOAR) capabilities. Azure Sentinel is most useful when you have data coming in from many tools or when your environment includes more than just Microsoft technologies. It provides a central security view of computer systems, applications, cloud instances, firewalls, and other networking components.
The machine learning and automation capabilities in Azure Sentinel are much further developed than in traditional SIEM solutions. It also has advantages over the Microsoft Defender Security Center dashboard, including the ability to incorporate data from many non-Microsoft technologies, to develop more involved playbook automations, and to run more advanced, in-depth log investigations and threat hunting. When an incident occurs, Azure Sentinel provides all the details you need to remediate it: you can see all the logs and alerts and follow every action related to that incident.
You can also create your own process automations. For example, say that Azure Sentinel detects something and creates an incident alert. You take the IP address from that incident, log it in Office 365 and block it, and then send an email to the IT department detailing the changes that were made. You can automate this whole process as a playbook in Azure Sentinel.
This is an excerpt from 7 Experts on Implementing Azure Sentinel. This eBook was generously sponsored by BlueVoyant.