Learn Live - Configure your Microsoft Sentinel environment
Full series information: https://aka.ms/learnlive-post-ignite-22
More info here: https://aka.ms/learnlive-post-ignite-...
Follow on Microsoft Learn:

Traditional security information and event management (SIEM) systems typically take a long time to set up and configure. They're also not necessarily designed with cloud workloads in mind. Microsoft Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. This module helps you get started. Then you will learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.

---------------------
Learning objectives
  • Identify the various components and functionality of Microsoft Sentinel.
  • Identify use cases where Microsoft Sentinel would be a good solution.
  • Describe Microsoft Sentinel workspace architecture.
  • Install Microsoft Sentinel workspace.
  • Manage a Microsoft Sentinel workspace.

---------------------
Chapters
--------
00:00 - Introduction
01:58 - Learning objectives
02:29 - What is security information and event management?
04:00 - What is Microsoft Sentinel
05:58 - How Microsoft Sentinel works
06:29 - Data connectors
09:11 - Querying and log retention
13:23 - Analytics rules
17:13 - Incidents and investigations
21:16 - Automation rules and playbooks
24:32 - User entity behavior analytics
27:13 - Threat hunting and notebooks
31:21 - Threat intelligence and watchlists
41:24 - When to use Microsoft Sentinel
43:22 - Knowledge check
49:01 - Create and manage Microsoft Sentinel workspaces
49:24 - Learning objectives
49:48 - Plan for the Microsoft Sentinel workspace
51:14 - Single-tenant single workspace
55:46 - Multi-tenant workspace
59:38 - Understand Microsoft Sentinel permissions and roles
1:08:18 - Demo - Create a Microsoft Sentinel workspace
1:15:18 - Manage Microsoft Sentinel settings
1:18:09 - Configure logs
1:29:26 - Summary and conclusions

---------------------
Presenters
Benjamin Kovacevic, Microsoft Sentinel CxE Program Manager, Microsoft
Matthew Lowe, Program Manager, Microsoft


Microsoft Developer
