Since we have Azure Sentinel in preview, let’s give it a test spin.
Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across the enterprise.
Azure Sentinel aggregates data from a lot of sources, including users, applications, servers and devices running on-premises or in cloud, giving you a overview of millions of records fast.
First we will add Azure Sentinel to our favorites.
And then select it.
Here wee will Add a new workspace.
Select Create a new workspace.
We will first create a new resource group.
Name the resource group according to your preferences.
Now lets name the workplace, select the right Azure subscription, location and click on the Pricing tier.
For this test we will just select the Free tier
And then with all settings in place we can click OK.
Select the newly created workspace and click on Add Azure Sentinel.
For this test we will include Azure Active Directory and Office 365, but as you can see there is a lot of sources available.
First select Azure Active Directory connector and click on Open connector page.
On both Azure Active Directory Sign-in Logs and Azure Active Directory Audit logs click Connect.
They will change status to Disconnect.
Go back to the Data connectors and select Office 365 and Open connector page.
Click Install solution.
Status will then change to Uninstall Solution.
Next step is to add your Office 365 tenant, click Add tenant.
Sign-in to your tenant (Global admin or Security Admin).
Click Accept to grant permissions.
You will then see this windows, just close it.
Click refresh to see your tenant, then select SharePoint and Exchange and Save.
Next we will install some dashboards, In Azure Sentinel select Dashboards, and in this test we will install Azure AD Audit Logs, Azure AD Sign-in logs, Exchange Online, Office 365, SharePoint & OneDrive.
We will have to wait for data, but on the overview page we can see alerts and events and Data anomalies.
On each Dashboard we will se a detailed view of the data collected (here is just some examples).
This solution is a good way of getting visibility into threats against our company, now test in your own environment.