Since its release in preview mode in February 2019, Azure Sentinel has provided the Incidents blade in its portal as a platform to monitor and manage the situation when the configured use cases (alerts) are triggered. As the product evolved in bounds and leaps, the Incidents features has become more mature and now, combined with […]
Results for ""
We found 346 results for your search.
Microsoft Cloud App Security Design
Microsoft Cloud App Security (MCAS) has been rated as the number 1 leader CASB product in Gartner’s Magic Quadrant in 2019. As part of Microsoft’s cloud security stack, it provides full integration with other M365 security products, such as ATP, Security Center, Defender ATP and Azure Sentinel. It provides deep visibility and control of SaaS-related […]
Azure Windows Virtual Desktop Security Monitoring
Azure Windows Virtual Desktop (WVD) environment provides desktop and application virtualization, allowing connections from almost any kind of device to either a fully functional Windows 10 desktop or to an application virtualized on a Windows 10 VM. While providing great flexibility, it introduces additional components that require monitoring from a security perspective. Fortunately, the Azure […]
Azure Sentinel COVID-19 Alerts and IoCs
While the world is struggling to contain the devastating effects of the COVID-19 virus, there are an increasing number of malicious actors attempting to take advantage of it and attack organizations using the desire for information about this virus. At Managed Sentinel, we decided to create and maintain a list of IoCs (IP addresses, domains, […]
Azure Sentinel & Log Analytics Tables
Azure Sentinel is using Azure Log Analytics as the backend for the log storage and querying capabilities through Kusto Query Language (KQL). A wealth of information is available from various log sources and they are stored in Log Analytics “tables”. There are many tables created by default, though not always populated with data and many […]
AWS CloudWatch to Azure Sentinel
While talking about Azure Sentinel with cybersecurity professionals we do get the occasional regretful comment on how Sentinel sounds like a great product but their organization has invested significantly in AWS services so implicitly, Sentinel is out-of-scope of potential security controls for their infrastructure. AWS offers the CloudWatch service that is able to collect performance […]
SIEM: Traditional vs Cloud
This article reflects the TASK Jun 26, 2019 Presentation: Big changes in SIEMs: A comparison of cloud-born and traditional options Ask any cybersecurity professional to quickly tell what SIEM stands for any most will slightly hesitate before coming up with “Security Information and Events Management”, a rather long name that is just the final result […]
Mapping of On-Premises Security Controls vs Major Cloud Providers
A mapping at the very high level of on-premises security controls to native cloud services that can be used to replicate their specific role. As the cloud services tend to be more granular and overlapping in functionality, the mapping is at best approximate but it may bring some extra awareness on the options available in […]
Azure Security Center Components and Relations with Other Services
One of the most common questions that we are receiving about Azure Sentinel is about its functionality compared with Azure Security Center. The diagram below is an attempt to describe the various components of Azure Security Center, its relation with other Azure services, including Azure Sentinel as well as the interaction with non-Azure services and […]
SIEM: Traditional vs. Cloud
This article reflects the TASK Jun 26, 2019 Presentation: Big changes in SIEMs: A comparison of cloud-born and traditional options Ask any cybersecurity professional to quickly tell what SIEM stands for any most will slightly hesitate before coming up with “Security Information and Events Management”, a rather long name that is just the final result […]