Lecture on Microsoft Sentinel

Introduction

Focus on technical configuration related to cloud, cloud security, and network security.
Introduction to a new video series on Microsoft Sentinel.
- Microsoft Sentinel: Scalable cloud-native SIEM tool (Security Information Event Management) and SOAR (Security Orchestration Automated Response) solution.

Four pillars of Microsoft Sentinel: Collect, Detect, Investigate, Respond.
- Subtopics: Visibility, Analytics and Hunting, Incident and Automation.
Format of the Series
- Part 1: Overview
  - What is SIEM?
  - What is Microsoft Sentinel?
  - Comparison with other SIEM products.
  - Utilization of Microsoft Sentinel.
- Part 2: Collect Phase
  - Design workspace and Sentinel architecture.
  - Data collection and log management.
  - Topics Covered:
    - Creating a log analytic workspace.
    - Sentinel architecture.
    - Collecting logs from different data sources.
    - Managing logs.
- Part 3: Detect Phase
  - Analytics and hunting.
  - Learnings: Analytic rules, hunting queries, workbooks, reporting, visualization.
  - Introduction to Custom Query Language (KQL).
- Part 4: Investigate Phase
  - Handling incidents on a day-to-day basis.
  - Extracting threat information from logs.
  - Incident response, management, and assignment to teams.
- Part 5: Automation Phase
  - Automation or SOAR capabilities.
  - Responding to threats automatically using logic apps and automation rules.
- Part 6: Advanced Topics
  - MITRE framework.
    - Mapping incidents to MITRE framework (e.g., initial access, command and control).
  - Thread intelligence and watchlist.

Summary of the series.
Encouragement to follow the upcoming videos for a deep dive into Microsoft Sentinel.