Abstract image of a woman sitting on books and studying on a laptop

Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat responses in Azure through Logic Apps

A
azuredayit

Azure Sentinel is an intelligent, cloud-native SIEM that leverages AI and automation to enhance security operations, aiming to efficiently respond to incidents across an expanding digital estate. It enables visibility, analytics, threat hunting, and incident management, while also allowing for automation through integrated Azure Logic Apps. The platform supports various data sources, offers customizable analytics and hunting queries, and provides community contributions for enhanced functionality.

Software
1 of 29
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
Azure Sentinel: set up automated threat responses in Azure through Logic Apps
Thanks to
AGENDA • Azure Sentinel main features • Respond to incidents rapidly with built-in orchestration and automation • DEMO
Expanding digital estate
Too many disconnected products 76% report increasing security data* 3.5M unfilled security jobs in 2021 Lack of automation 44% of alerts are never investigated IT deployment & maintenance Sophistication of threats Security operations challenges
Introducing Azure Sentinel intelligent, cloud-native SIEM Uses AI and automation to improve effectiveness Scales to support your growing digital estate Delivers instant value to your defenders
End-to-end solution for security operations Analytics DetectCollect Incidents AutomationVisibility Hunting Investigate Respond Powered by community + backed by Microsoft’s security experts
Visibility
Collect security data at cloud scale from any source
Use workbooks to power interactive dashboards Choose from a gallery of workbooks Customize or create your own workbooks using queries Take advantage of rich visualization options Gain insight into one or more data sources
Analytics
Leverage analytics to detect threats Choose from more than 100 built-in analytics rules Customize and create your own rules using KQL queries Correlate events with your threat intelligence and now with Microsoft URL intelligence Trigger automated playbooks
Tap into the power of ML increase your catch rate without increasing noise Use built–in models – no ML experience required Detects anomalies using transferred learning Fuses data sources to detect threats that span the kill chain Simply connect your data and learning begins Bring your own ML models (coming soon)
Hunting
Start hunting over security data with fast, flexible queries Run built-in threat hunting queries - no prior query experience required Customize and create your own hunting queries using KQL Integrate hunting and investigations
Use bookmarks and live stream to manage your hunts Bookmark notable data Start an investigation from a bookmark or add to an existing incident Monitor a live stream of new threat related activity
Use Jupyter notebooks for advanced hunting Run in the Azure cloud Save as sharable HTML/JSON Query Azure Sentinel data Bring external data sources Use your language of choice - Python, SQL, KQL, R, …
Incidents
Start and track investigations from prioritized, actionable security incidents Use incident to collect related alerts, events, and bookmarks Manage assignments and track status Add tags and comments Trigger automated playbooks
Visualize the entire attack to determine scope and impact Navigate the relationships between related alerts, bookmarks, and entities Expand the scope using exploration queries View a timeline of related alerts, events, and bookmarks Gain deep insights into related entities – users, domains, and more
Automation
Automate and orchestrate security operations using integrated Azure Logic Apps Build automated and scalable playbooks that integrate across tools Choose from a library of samples Create your own playbooks using 200+ built-in connectors Trigger a playbook from an alert or incident investigation
Example playbooks Assign an Incident to an Analyst Open a Ticket (ServiceNow/Jira) Keep Incident Status in Sync Post in a Teams or Slack Channel Lookup Geo for an IP Trigger Defender ATP Investigation Send Validation Email to User Block an IP Address Block User Access Trigger Conditional Access Isolate Machine Incident Management Enrichment+ Investigation Remediation
Community Hundreds of contributions, including data connectors, workbooks, analytics rules, queries, notebooks, parsers, functions, and playbooks are available on GitHub.
Take actions today—Get started with Azure Sentinel To learn more, visit https://aka.ms/AzureSentinel Create Azure Sentinel instance Connect data sources Start Microsoft Azure trial
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat responses in Azure through Logic Apps
Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat responses in Azure through Logic Apps
Thank You!!!
Thanks to

More Related Content

PPTX
Azure sentinel
Marius Sandbu
 
PDF
Azure DDoS Protection Standard
arnaudlh
 
PPTX
Remediate and secure your organization with azure sentinel
Samik Roy
 
PPTX
Threat Hunting on AWS using Azure Sentinel
Ashwin Patil, GCIH, GCIA, GCFE
 
PDF
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
PPTX
Adam ochs sentinel
Adam Ochs
 
PPTX
Protect Office 365 with Azure Sentinel
Nanddeep Nachan
 
PPTX
Azure sentinal
Allied Consultants
 
Azure sentinel
Marius Sandbu
 
Azure DDoS Protection Standard
arnaudlh
 
Remediate and secure your organization with azure sentinel
Samik Roy
 
Threat Hunting on AWS using Azure Sentinel
Ashwin Patil, GCIH, GCIA, GCFE
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
wwwally
 
Adam ochs sentinel
Adam Ochs
 
Protect Office 365 with Azure Sentinel
Nanddeep Nachan
 
Azure sentinal
Allied Consultants
 

What's hot (20)

PDF
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
PDF
Microsoft Azure Security Overview
Alert Logic
 
PDF
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 
PPTX
CSS 17: NYC - Building Secure Solutions in AWS
Alert Logic
 
PDF
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
CloudVillage
 
PDF
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
PPTX
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
PPTX
Journey to Azure Sentinel
Cheah Eng Soon
 
PDF
Govern Your Cloud: The Foundation for Success
Alert Logic
 
PDF
Azure vm introduction
Lalit Rawat
 
PPTX
Microsoft Azure News - April 2021
Daniel Toomey
 
PDF
The Intersection of Security & DevOps
Alert Logic
 
PPTX
CSS 17: NYC - Protecting your Web Applications
Alert Logic
 
PPTX
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
 
PPTX
DEVNET-1123 CSTA - Cisco Security Technical Alliances, New Program for Ecosys...
Cisco DevNet
 
PPTX
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
Alert Logic
 
PDF
Managed Threat Detection and Response
Alert Logic
 
PPTX
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
PPT
Cisco Security Technical Alliance
Cisco DevNet
 
PDF
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 
ISC2 Secure Summit EMEA - Top Microsoft Azure security fails and how to avoid...
Karl Ots
 
Microsoft Azure Security Overview
Alert Logic
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 
CSS 17: NYC - Building Secure Solutions in AWS
Alert Logic
 
ATT&CKing the Sentinel – deploying a threat hunting capability on Azure Senti...
CloudVillage
 
CSS17: Houston - Azure Shared Security Model Overview
Alert Logic
 
Shared Security Responsibility for the Azure Cloud
Alert Logic
 
Journey to Azure Sentinel
Cheah Eng Soon
 
Govern Your Cloud: The Foundation for Success
Alert Logic
 
Azure vm introduction
Lalit Rawat
 
Microsoft Azure News - April 2021
Daniel Toomey
 
The Intersection of Security & DevOps
Alert Logic
 
CSS 17: NYC - Protecting your Web Applications
Alert Logic
 
CSS 17: NYC - Realities of Security in the Cloud
Alert Logic
 
DEVNET-1123 CSTA - Cisco Security Technical Alliances, New Program for Ecosys...
Cisco DevNet
 
CSS 17: NYC - The AWS Shared Responsibility Model in Practice
Alert Logic
 
Managed Threat Detection and Response
Alert Logic
 
#ALSummit: Alert Logic & AWS - AWS Security Services
Alert Logic
 
Cisco Security Technical Alliance
Cisco DevNet
 
Extending Amazon GuardDuty with Cloud Insight Essentials
Alert Logic
 
Ad

Similar to Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat responses in Azure through Logic Apps (20)

PDF
Azure Sentinel Tips
Mario Worwell
 
PPTX
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
 
PPTX
Azure Sentinel with Office 365
Cheah Eng Soon
 
PPTX
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
PDF
L400-P1 Overview.pdf
FadhilMuhammad80
 
PPTX
Microsoft Sentinel and Its Components.pptx
Infosectrain3
 
PPTX
Azure Sentinel.pptx
Mohit Chhabra
 
PDF
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Prometix Pty Ltd
 
PDF
Microsoft Azure Sentinel
BGA Cyber Security
 
PPTX
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
carlitocabana
 
PPTX
TechTalksUtah-Sentinel-20191108.pptx
JustineGarcia32
 
PDF
Introduction to Azure Sentinel
arnaudlh
 
PPTX
NVS_Sentinel
Mike Mihm
 
PPTX
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
PDF
introduction to Azure Sentinel
Robert Crane
 
PPTX
Azure Sentinel
Cheah Eng Soon
 
PDF
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Research
 
PDF
7 Experts on Implementing Azure Sentinel
Mighty Guides, Inc.
 
PDF
Gill C. Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 2...
Hafiz Rahmat Ullah
 
PDF
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Kranthi Aragonda
 
Azure Sentinel Tips
Mario Worwell
 
Modernize your Security Operations with Azure Sentinel
Cheah Eng Soon
 
Azure Sentinel with Office 365
Cheah Eng Soon
 
Azure Sentinel Jan 2021 overview deck
Matt Soseman
 
L400-P1 Overview.pdf
FadhilMuhammad80
 
Microsoft Sentinel and Its Components.pptx
Infosectrain3
 
Azure Sentinel.pptx
Mohit Chhabra
 
Planning and implementing. Unveiling the advanced technology of Microsoft Azu...
Prometix Pty Ltd
 
Microsoft Azure Sentinel
BGA Cyber Security
 
07 - Defend Against Threats with SIEM Plus XDR Workshop - Microsoft Sentinel ...
carlitocabana
 
TechTalksUtah-Sentinel-20191108.pptx
JustineGarcia32
 
Introduction to Azure Sentinel
arnaudlh
 
NVS_Sentinel
Mike Mihm
 
SEIM-Microsoft Sentinel.pptx
AmrMousa51
 
introduction to Azure Sentinel
Robert Crane
 
Azure Sentinel
Cheah Eng Soon
 
SBA Security Meetup - Deploying and managing azure sentinel as code by Bojan ...
SBA Research
 
7 Experts on Implementing Azure Sentinel
Mighty Guides, Inc.
 
Gill C. Configuring Windows Server Hybrid Advanced Services Exam Ref AZ-801 2...
Hafiz Rahmat Ullah
 
Microsoft Sentinel- a cloud native SIEM & SOAR.pdf
Kranthi Aragonda
 
Ad

More from azuredayit (14)

PDF
Azure Day Rome Reloaded 2019 - ML.NET Model Lifecycle with Azure DevOps
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Reactive Systems with Event Grid
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Building serverless microservices in azure
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Cloud Journey – FastTrack for Azure
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Azure: a cloud with a purpose
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Getting Started with Unity, AR/VR and Azure Co...
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Azure Application Insights Overview
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Deconstructing Kubernetes using AKS
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Python, Azure Cosmos DB, Docker and Azure Cont...
azuredayit
 
PDF
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...
azuredayit
 
PDF
Azure Day Rome 2019 Reloaded - Effettuare il provisioning su Azure utilizzand...
azuredayit
 
PDF
Azure Day Rome 2019 Reloaded - Utilizzare Azure Kubernetes Service per i nost...
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Ingestion nel datalake passando tramite API Ma...
azuredayit
 
PDF
Azure Day Rome Reloaded 2019 - Azure Cognitive Search Deep Dive
azuredayit
 
Azure Day Rome Reloaded 2019 - ML.NET Model Lifecycle with Azure DevOps
azuredayit
 
Azure Day Rome Reloaded 2019 - Reactive Systems with Event Grid
azuredayit
 
Azure Day Rome Reloaded 2019 - Building serverless microservices in azure
azuredayit
 
Azure Day Rome Reloaded 2019 - Cloud Journey – FastTrack for Azure
azuredayit
 
Azure Day Rome Reloaded 2019 - Azure: a cloud with a purpose
azuredayit
 
Azure Day Rome Reloaded 2019 - Getting Started with Unity, AR/VR and Azure Co...
azuredayit
 
Azure Day Rome Reloaded 2019 - Azure Application Insights Overview
azuredayit
 
Azure Day Rome Reloaded 2019 - Deconstructing Kubernetes using AKS
azuredayit
 
Azure Day Rome Reloaded 2019 - Python, Azure Cosmos DB, Docker and Azure Cont...
azuredayit
 
Azure Day Rome 2019 Reloaded - Strangle(r pattern) your legacy application ru...
azuredayit
 
Azure Day Rome 2019 Reloaded - Effettuare il provisioning su Azure utilizzand...
azuredayit
 
Azure Day Rome 2019 Reloaded - Utilizzare Azure Kubernetes Service per i nost...
azuredayit
 
Azure Day Rome Reloaded 2019 - Ingestion nel datalake passando tramite API Ma...
azuredayit
 
Azure Day Rome Reloaded 2019 - Azure Cognitive Search Deep Dive
azuredayit
 

Recently uploaded (20)

PDF
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
PPTX
assetexplorer- product-overview - presentation
nonameist3434
 
PPTX
Patient Appointment Booking in Odoo with online payment
AxisTechnolabs
 
PPTX
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
DOCX
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
PPTX
CNN LeNet5 Architecture: Neural Networks
DrRPonnusamyCIT
 
PPTX
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
PDF
Salesforce Agentforce AI Implementation.pdf
Robert Mark
 
PDF
Wondershare Recoverit Full Crack New Version (Latest 2025)
hashmi66g66
 
PPTX
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 
DOCX
Modern SharePoint Intranet Templates That Boost Employee Engagement in 2025.docx
Sharepoint Designs
 
PPTX
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
PPTX
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
PPTX
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
PPTX
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
PDF
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
PDF
MCP Security Tutorial - Beginner to Advanced
Harish Ramadoss
 
PDF
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
PPTX
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
PPTX
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 
Top 10 Software Development Trends to Watch in 2025 🚀.pdf
KodekX
 
assetexplorer- product-overview - presentation
nonameist3434
 
Patient Appointment Booking in Odoo with online payment
AxisTechnolabs
 
Log360_SIEM_Solutions Overview PPT_Feb 2020.pptx
nonameist3434
 
How to Use SharePoint as an ISO-Compliant Document Management System
Sharepoint Designs
 
CNN LeNet5 Architecture: Neural Networks
DrRPonnusamyCIT
 
Oracle Fusion HCM Cloud Demo for Beginners
DharanOracleerp
 
Salesforce Agentforce AI Implementation.pdf
Robert Mark
 
Wondershare Recoverit Full Crack New Version (Latest 2025)
hashmi66g66
 
Computer Software - Technology and Livelihood Education
ShielaGuevarra6
 
Modern SharePoint Intranet Templates That Boost Employee Engagement in 2025.docx
Sharepoint Designs
 
Trending Python Topics for Data Visualization in 2025
IT IDOL Technologies
 
"Secure File Sharing Solutions on AWS".pptx
sudharani74442
 
Advanced SystemCare Ultimate Crack + Portable (2025)
adanataj41
 
Cybersecurity: Protecting the Digital World
SURULIAPPANPREMKMAR
 
How AI/LLM recommend to you ? GDG meetup 16 Aug by Fariman Guliev
HusseinMalikMammadli
 
MCP Security Tutorial - Beginner to Advanced
Harish Ramadoss
 
Autodesk AutoCAD Crack Free Download 2025
hggfcrd hgggref
 
Weekly report ppt - harsh dattuprasad patel.pptx
bikerslovers123
 
Why Generative AI is the Future of Content, Code & Creativity?
Webuters Technologies Pvt. Ltd
 

Azure Day Rome Reloaded 2019 - Azure Sentinel: set up automated threat responses in Azure through Logic Apps

  • 1. Azure Sentinel: set up automated threat responses in Azure through Logic Apps
  • 3. AGENDA • Azure Sentinel main features • Respond to incidents rapidly with built-in orchestration and automation • DEMO
  • 5. Too many disconnected products 76% report increasing security data* 3.5M unfilled security jobs in 2021 Lack of automation 44% of alerts are never investigated IT deployment & maintenance Sophistication of threats Security operations challenges
  • 6. Introducing Azure Sentinel intelligent, cloud-native SIEM Uses AI and automation to improve effectiveness Scales to support your growing digital estate Delivers instant value to your defenders
  • 7. End-to-end solution for security operations Analytics DetectCollect Incidents AutomationVisibility Hunting Investigate Respond Powered by community + backed by Microsoft’s security experts
  • 9. Collect security data at cloud scale from any source
  • 10. Use workbooks to power interactive dashboards Choose from a gallery of workbooks Customize or create your own workbooks using queries Take advantage of rich visualization options Gain insight into one or more data sources
  • 12. Leverage analytics to detect threats Choose from more than 100 built-in analytics rules Customize and create your own rules using KQL queries Correlate events with your threat intelligence and now with Microsoft URL intelligence Trigger automated playbooks
  • 13. Tap into the power of ML increase your catch rate without increasing noise Use built–in models – no ML experience required Detects anomalies using transferred learning Fuses data sources to detect threats that span the kill chain Simply connect your data and learning begins Bring your own ML models (coming soon)
  • 15. Start hunting over security data with fast, flexible queries Run built-in threat hunting queries - no prior query experience required Customize and create your own hunting queries using KQL Integrate hunting and investigations
  • 16. Use bookmarks and live stream to manage your hunts Bookmark notable data Start an investigation from a bookmark or add to an existing incident Monitor a live stream of new threat related activity
  • 17. Use Jupyter notebooks for advanced hunting Run in the Azure cloud Save as sharable HTML/JSON Query Azure Sentinel data Bring external data sources Use your language of choice - Python, SQL, KQL, R, …
  • 19. Start and track investigations from prioritized, actionable security incidents Use incident to collect related alerts, events, and bookmarks Manage assignments and track status Add tags and comments Trigger automated playbooks
  • 20. Visualize the entire attack to determine scope and impact Navigate the relationships between related alerts, bookmarks, and entities Expand the scope using exploration queries View a timeline of related alerts, events, and bookmarks Gain deep insights into related entities – users, domains, and more
  • 22. Automate and orchestrate security operations using integrated Azure Logic Apps Build automated and scalable playbooks that integrate across tools Choose from a library of samples Create your own playbooks using 200+ built-in connectors Trigger a playbook from an alert or incident investigation
  • 23. Example playbooks Assign an Incident to an Analyst Open a Ticket (ServiceNow/Jira) Keep Incident Status in Sync Post in a Teams or Slack Channel Lookup Geo for an IP Trigger Defender ATP Investigation Send Validation Email to User Block an IP Address Block User Access Trigger Conditional Access Isolate Machine Incident Management Enrichment+ Investigation Remediation
  • 24. Community Hundreds of contributions, including data connectors, workbooks, analytics rules, queries, notebooks, parsers, functions, and playbooks are available on GitHub.
  • 25. Take actions today—Get started with Azure Sentinel To learn more, visit https://aka.ms/AzureSentinel Create Azure Sentinel instance Connect data sources Start Microsoft Azure trial