Microsoft Azure Sentinel

Jelle and Gerben talk about Microsoft Azure Sentinel. They discuss how to set up monitoring and incident response. They demonstrate how to use Sentinel to centralize security data from Azure activity logs for improved visibility and automated response. Key points included ingesting logs into a log analytics workspace, using content packs for data connectors and analytic rules, and scoping data at the subscription or resource group level. They also show how to analyze logs for potential threats using queries and custom alerts. Their discussion emphasizes starting small, continuously improving rules and workbooks over time based on detected signals, and considering red team testing to evaluate detection capabilities.

Links for more information:

• Red team VS. Blue team in cybersecurity