Azure Sentinel is built on the Azure platform and went GA earlier this week. It provides a fully integrated experience in the Azure portal to augment other Azure services, such as Azure Security Center and Azure Machine Learning. If you don’t already have one, the first step is to create an Azure free account.

More detailed cost information for Azure Sentinel pricing in production can be found here: https://azure.microsoft.com/en-us/pricing/details/azure-sentinel/

Once you have an Azure account, simply search for Azure Sentinel in the Azure portal and click +Add to add it to your portal.

Next to an Azure Sentinel instance, you will also need the following:

  • A Log Analytics workspace

  • Contributor permissions to the subscription in which the Azure Sentinel workspace resides.

  • Contributor or reader permissions on the resource group that the workspace belongs to.

  • Additional permissions may be needed to connect specific data sources.

Azure Sentinel includes connectors providing real-time integration with many industry solutions. It enables easy connections to a variety of Microsoft services, such as Office 365, Azure Active Directory, Azure Advanced Threat Protection, and Microsoft Cloud App Security. You can also collect data from existing security solutions such as firewalls, routers, endpoint security, and many more using built-in connectors. Plus, you can use Common Event Format (CEF) (currently still in preview), Syslog, or a REST API to connect any compliant data source to Azure Sentinel.

To connect to a data source:

  • Sign in to Azure with account credentials. Navigate to Azure Sentinel.

  • Click Data connectors.

  • Click the row for the data source you wish to connect.

  • Click the Open connector page to see the configuration steps for connecting the data source.

After your data sources are connected, your data starts streaming into Azure Sentinel and is ready for you to use.
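The workspace and permission prerequisites above can be scripted instead of clicked through. The following is an added example (not part of the original post) using the Azure CLI; it assumes the `log-analytics-solution` CLI extension provides `az monitor log-analytics solution create`, and all resource names, the location and the analyst account are placeholders. Data connectors are still configured from the portal as described above.

```shell
#!/bin/sh
# Added example: create the Log Analytics workspace, enable Azure Sentinel on it,
# and grant a read-only consumer the minimum role the prerequisites call for.
set -eu

RG="${RG:-rg-sentinel-demo}"               # resource group (placeholder)
WS="${WS:-law-sentinel-demo}"              # Log Analytics workspace (placeholder)
LOCATION="${LOCATION:-westeurope}"         # Azure region (placeholder)
ANALYST="${ANALYST:-analyst@example.com}"  # account that only needs to read data (placeholder)

# Log Analytics workspace naming rules: 4-63 characters, letters, digits and
# hyphens only, no leading or trailing hyphen. Checked locally so a bad name
# fails before any Azure call is made.
valid_workspace_name() {
  _n=$1
  [ "${#_n}" -ge 4 ] && [ "${#_n}" -le 63 ] || return 1
  case $_n in
    -*|*-) return 1 ;;
    *[!A-Za-z0-9-]*) return 1 ;;
  esac
  return 0
}

deploy_sentinel_workspace() {
  command -v az >/dev/null 2>&1 || { echo "Azure CLI (az) not found" >&2; return 1; }
  valid_workspace_name "$WS" || { echo "invalid workspace name: $WS" >&2; return 1; }

  az group create --name "$RG" --location "$LOCATION" --output none
  az monitor log-analytics workspace create \
    --resource-group "$RG" --workspace-name "$WS" --location "$LOCATION" --output none

  # Azure Sentinel is delivered as the SecurityInsights solution on the workspace
  # (assumption: command provided by the log-analytics-solution extension).
  az extension add --name log-analytics-solution --only-show-errors
  az monitor log-analytics solution create \
    --resource-group "$RG" --solution-type SecurityInsights --workspace "$WS" --output none

  # Least privilege: the prerequisites allow Reader on the resource group for
  # someone who only consumes the workspace; Contributor stays with the deployer.
  rg_id=$(az group show --name "$RG" --query id --output tsv)
  az role assignment create --assignee "$ANALYST" --role Reader --scope "$rg_id" --output none
  echo "Azure Sentinel enabled on workspace $WS in $RG"
}

# Run with: sh deploy_sentinel.sh --deploy   (after an interactive "az login")
if [ "${1:-}" = "--deploy" ]; then deploy_sentinel_workspace; fi
```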

Want to know more? Read the complete e-book, which you can find here: Quick Start Guide to Azure Sentinel

More information on Sentinel is released with the GA status, like:
