

Introduction to Azure Sentinel


Azure Sentinel is a cloud-native security information and event management (SIEM) platform that uses built-in AI to help analyze large volumes of data across an enterprise quickly. Azure Sentinel aggregates data from all sources, including users, applications, servers, and devices running on-premises or in the cloud, letting you reason over millions of records in a few seconds. It includes built-in connectors for easy onboarding of popular security solutions, and it can collect data from any source that emits open standard formats such as CEF and Syslog.

Part One: Azure Sentinel Foundations

Recorded on October 13th, 2020

00:02 Introduction
02:17 SOC Challenges
07:05 Introducing Azure Sentinel
17:04 Infrastructure Setup, Maintenance and Cost
19:27 Integration
21:20 Demo – Basics of Sentinel, Azure Active Directory, Azure Activity, Office 365, 3rd Party Examples
27:25 Demo – Logs and Charts, Analytics – Rule Sets and Policies, Incidents, Workbooks and Threat Intelligence Preview
49:44 Q&A

Part Two: Security Orchestration, Automation, and Response (SOAR)

Recorded on October 20th, 2020

00:10 Introduction
02:02 Traditional SOC Challenges
03:19 Pre-Wired MS Integration Solutions and a Concept of the Logic Apps Playbook
05:55 Community Source Playbook
08:20 Creating Playbook
18:55 Building Incident & Event Scenarios
23:40 MS Playbook Repository
25:50 Custom Deployment
38:38 Event Reports and Notifications
40:25 Subscribing and Importing Playbooks
48:00 Integrity Protection
54:10 Q&A

Part Three: Advanced Hunting and Workbooks/Dashboards

Recorded on October 27th, 2020

00:05 Introduction
03:35 Data Connectors and Logs
15:25 Kusto and Correlating Data
34:40 O365 Data Q&A
36:00 Running Playbooks
42:37 Workbooks
51:10 Dashboards
57:14 Q&A

Meet the Host


Rich Lilly



Rich has been working in IT consulting for about 17 years in various positions and roles. He has led numerous implementations of the Microsoft System Center line of products and has deployed Hyper-V and VMware virtualization solutions for private clouds. In addition to developing private cloud solutions for clients, he focuses heavily on hybrid and public cloud deployments, specifically on strategy and execution for Windows Azure.

Rich has presented at various Windows User Group meetings and regularly leads Microsoft ADS/envisioning sessions at various MTC locations throughout the US. He acts as an extension of the Microsoft Technology Solutions Professional teams from the EPG, CAM, and CTM space.