With the cloud explosion, Microsoft has been busy introducing new solutions to meet users’ requirements so that they are ready to switch off on-premises solutions and move to the cloud. In some cases this headlong rush has created confusion among customers because of the overlap between products.
However, despite the many releases, one product that has always been missing from Microsoft’s basket is a SIEM. Officially, the acronym stands for Security Information and Event Manager: a platform that collects data from multiple sources and exposes the results in a form that users can consult easily.
Until recently, this role was assigned to Log Analytics, which was in turn an evolution of Operations Management Suite (OMS), the product that was supposed to replace System Center Operations Manager: conceived with that logic, it became anything but. The problem with Log Analytics was not so much its data collection logic as a certain complexity in interfacing with third-party products, together with a lack of practicality in handling the alerts to be triggered when an event occurs.
To address this, in addition to what was described above, Microsoft has decided to release a new product called Azure Sentinel.
Discover Azure Sentinel
As mentioned above, Sentinel is a cloud-based SIEM platform that allows you to collect information and expose it to the outside world in an easy way, while also creating alerts and dashboards that show the status of a particular workload at a glance. Put the cloud and large-scale intelligence from decades of Microsoft security experience to work. Make your threat detection and response smarter and faster with artificial intelligence (AI). Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs.
The release of Sentinel is also a consequence of the need for a solution that can interface with third-party products more easily than Log Analytics has done to date. The key words are integration and convergence.
Is Log Analytics dead now that Azure Sentinel exists? The answer is no: Log Analytics will remain the collection engine, while it is very likely that in the medium term its classic dashboards will disappear, leaving only the ability to run text queries there and the graphical part to Sentinel.
In order to set up the service on Azure, you need two things:
- Log Analytics Workspace
- Azure Automation Account
With these prerequisites in place, we can proceed with the setup, starting by searching for the product through the search bar at the top of the Azure portal.
Once you select Azure Sentinel, a window will appear showing the activation request – figure 2.
As I said, one of the main requirements is a Log Analytics Workspace, which must be selected during the first wizard – figure 3.
After a few minutes, you will be ready to configure your platform. To date, several connectors are available to bring your data into Sentinel; as you can see from figure 4, there are not only Microsoft technologies but also external vendors, among which, at last, the major networking players stand out.
To activate the connector for a specific technology, all you have to do is click the Configure button and follow the directions of the wizard: most of the time it is a matter of verifying that the source is sending its data to Log Analytics. You can also add a dashboard already released by Microsoft, which will be added to those already present in your Azure Portal – figures 5 and 6.
Over time, Azure Sentinel will be populated with all the information captured by the various connectors and will report the state of your infrastructure through a simple-to-interpret global interface.
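For a source that has no ready-made connector, the way to "make it communicate its data with Log Analytics" is to push records into the workspace yourself, after which Sentinel sees them like any other table. The following is an added example, not code from the original post or from Microsoft: it builds and signs a request to the Azure Monitor HTTP Data Collector API (the documented endpoint `https://<workspace-id>.ods.opinsights.azure.com/api/logs`, api-version 2016-04-01, `SharedKey` authorization) and interprets the response so you can tell whether the data actually arrived. The workspace ID, shared key and firewall records below are constructed placeholders, not real values.

```python
"""Send constructed custom log records to a Log Analytics workspace and
check whether they were accepted (Azure Monitor HTTP Data Collector API).

Added example for this post, not Microsoft's code. The workspace ID, key and
sample records are constructed placeholders.
"""
import base64
import datetime
import hashlib
import hmac
import json
import re
import urllib.error
import urllib.request

API_VERSION = "2016-04-01"
RESOURCE = "/api/logs"

# Constructed placeholders: replace with the Workspace ID and primary key shown
# under the workspace's "Advanced settings" / agent configuration blade.
WORKSPACE_ID = "00000000-0000-0000-0000-000000000000"
SHARED_KEY = base64.b64encode(b"constructed-placeholder-key-not-real").decode()

# Constructed sample records from a hypothetical third-party firewall.
SAMPLE_RECORDS = [
    {"SourceIp": "10.0.0.5", "DestinationIp": "198.51.100.7", "Action": "deny", "Port": 445},
    {"SourceIp": "10.0.0.9", "DestinationIp": "203.0.113.2", "Action": "allow", "Port": 443},
]


def is_valid_log_type(log_type):
    """The Log-Type header (custom table name) may only contain letters, digits
    and underscores and must be at most 100 characters; it becomes <name>_CL."""
    return re.fullmatch(r"[A-Za-z0-9_]{1,100}", log_type) is not None


def build_signature(workspace_id, shared_key, rfc1123_date, content_length,
                    method="POST", content_type="application/json"):
    """Return the SharedKey Authorization header value for one request.
    The string to sign is fixed by the API; the key is the base64 workspace key."""
    string_to_sign = (f"{method}\n{content_length}\n{content_type}\n"
                      f"x-ms-date:{rfc1123_date}\n{RESOURCE}")
    key = base64.b64decode(shared_key)
    digest = hmac.new(key, string_to_sign.encode("utf-8"), hashlib.sha256).digest()
    return f"SharedKey {workspace_id}:{base64.b64encode(digest).decode()}"


def build_request(workspace_id, shared_key, log_type, records, rfc1123_date=None):
    """Return (url, headers, body) for the POST. Pure function: no network, so
    it can be checked offline; pass rfc1123_date to get deterministic output."""
    if not is_valid_log_type(log_type):
        raise ValueError(f"invalid Log-Type name: {log_type!r}")
    body = json.dumps(records).encode("utf-8")
    if rfc1123_date is None:
        now = datetime.datetime.now(datetime.timezone.utc)
        rfc1123_date = now.strftime("%a, %d %b %Y %H:%M:%S GMT")
    headers = {
        "Content-Type": "application/json",
        "Authorization": build_signature(workspace_id, shared_key, rfc1123_date, len(body)),
        "Log-Type": log_type,
        "x-ms-date": rfc1123_date,
    }
    url = f"https://{workspace_id}.ods.opinsights.azure.com{RESOURCE}?api-version={API_VERSION}"
    return url, headers, body


def send_custom_log(workspace_id, shared_key, log_type, records):
    """POST the records and return (accepted, detail). Accepted means HTTP 200;
    the record then shows up in the <log_type>_CL table within a few minutes."""
    url, headers, body = build_request(workspace_id, shared_key, log_type, records)
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status == 200, f"HTTP {resp.status}"
    except urllib.error.HTTPError as e:
        # 403 almost always means a wrong shared key or an x-ms-date too far
        # from the service clock; 400 means malformed JSON or a bad Log-Type.
        return False, f"HTTP {e.code}: {e.read().decode(errors='replace')}"
    except urllib.error.URLError as e:
        return False, f"network error: {e.reason}"


if __name__ == "__main__":
    # With the placeholder workspace ID this fails at DNS resolution, which is
    # exactly the "did it arrive?" signal the connector wizard asks you to check.
    ok, detail = send_custom_log(WORKSPACE_ID, SHARED_KEY, "HypotheticalFirewall", SAMPLE_RECORDS)
    print("accepted" if ok else "not accepted", detail)
```

Once a few records are accepted, the table `HypotheticalFirewall_CL` appears in the workspace and can be queried from the Log Analytics text-query blade or used in a Sentinel dashboard like any connector's data; a 403 on every attempt points at the key or at clock skew on the sending host, not at the records themselves.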
Azure Sentinel is definitely a great product that allows you to collect data and analyze it quickly and easily, both through queries and through interactive dashboards. In the coming months, we’ll see new connector releases to make the platform more and more at the heart of your IT infrastructure.
Try the solution today: there are no charges specific to Azure Sentinel during the preview. Pricing for Azure Sentinel will be announced in the future, and notice will be given before the end of the preview. Should you choose to continue using Azure Sentinel after the notice period, you will be billed at the applicable rates.