Introduction
Microsoft Sentinel delivers threat intelligence and security analytics across the whole organization. It gives you a single solution for threat visibility, proactive hunting, attack detection, and threat response.
Microsoft Sentinel provides a view across the entire organization, easing the strain of increasingly sophisticated attacks, rising alert volumes, and long resolution times.
Microsoft Sentinel (formerly Azure Sentinel) is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution built on the Azure platform. It supports data collection, threat detection, investigation, and response.
Microsoft Sentinel covers these four security operations areas to protect your organization from threats:
- Collect: collects security information from all parts of your organization's infrastructure, including cloud-based and on-premises apps, users, and devices.
- Detect: uses analytics and threat intelligence to identify threats, including ones that were previously undetected, while reducing false positives.
- Investigate: uses artificial intelligence and machine learning to investigate suspicious activity.
- Respond: enables proactive, adaptable automation of routine security tasks so that incidents can be handled swiftly.
Steps to Set Up Microsoft Sentinel
Open the Azure portal and sign in.
Search for Microsoft Sentinel and select it.
Choose Add.
You can either use an existing workspace or create a new one. Data is isolated within a single workspace; however, Microsoft Sentinel can be enabled on several workspaces.
Create a new workspace.
Fill in all the fields with the appropriate values.
After validation completes, choose Create.
Verify the notification: Deployment succeeded.
Open the Microsoft Sentinel instance you created. Select the workspace, then click Add.
In Microsoft Sentinel, choose Content Hub.
Locate and select Azure Active Directory.
Click Install/Update on the toolbar at the top of the page.
Verify the notification: Install Success.
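The same result as the portal steps above (a new Log Analytics workspace with Microsoft Sentinel enabled on it) can be deployed as infrastructure-as-code. The following Bicep template is an added example, not code from the original article; the workspace name, retention value and deployment command are assumptions to adjust for your environment.

```bicep
// Added example (not from the original article): creates a Log Analytics workspace
// and enables Microsoft Sentinel on it, equivalent to the portal steps above.
// Deploy at resource-group scope (assumed command):
//   az deployment group create -g <resource-group> -f main.bicep -p workspaceName=<name>

@description('Name of the Log Analytics workspace Sentinel is enabled on (assumed value).')
param workspaceName string = 'sentinel-ws'

@description('Region for the workspace; Sentinel data stays in this region.')
param location string = resourceGroup().location

@description('Interactive retention in days; Sentinel includes 90 days at no extra charge.')
@minValue(30)
@maxValue(730)
param retentionInDays int = 90

// Step 1: the workspace. Sentinel data is isolated to this single workspace.
resource workspace 'Microsoft.OperationalInsights/workspaces@2022-10-01' = {
  name: workspaceName
  location: location
  properties: {
    sku: {
      name: 'PerGB2018'
    }
    retentionInDays: retentionInDays
  }
}

// Step 2: onboard the workspace to Microsoft Sentinel. The onboarding state is an
// extension resource scoped to the workspace, and its name must be 'default'.
resource sentinel 'Microsoft.SecurityInsights/onboardingStates@2023-02-01' = {
  name: 'default'
  scope: workspace
  properties: {
    customerManagedKey: false
  }
}

// Workspace ID, useful when pointing agents and data connectors at this workspace.
output workspaceId string = workspace.properties.customerId
```

Content hub solutions such as the one installed in the last step are still added from the portal in this walkthrough; the template covers only workspace creation and Sentinel onboarding.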
Summary
This article, the first in the series, explains how to set up Microsoft Sentinel. The next article will cover configuring a data connector and generating activity data in Microsoft Sentinel.