Microsoft Sentinel Setup and Configuration (2023 edition)
- Published 6 Aug 2024
- Are you looking for a comprehensive solution to protect your network from cybersecurity threats? Look no further! In this tutorial, I will show you how to set up Microsoft Sentinel and configure it to detect potential threats. This video will guide you through the process of creating a Microsoft Sentinel workspace, configuring a connector, setting up analytic rules, and deploying a dashboard (workbook) to keep track of your security status. Stay ahead of the game and ensure the safety of your network with this step-by-step tutorial! #MicrosoftSentinel #Cybersecurity #Tutorial #Setup #Detection.
▼ Chapters
00:00 - Intro
01:09 - Deploy Log Analytics & Microsoft Sentinel
05:00 - Configure retention
08:46 - Deploy Content Hub Solution (Azure Activity)
12:14 - Configure Connector
16:00 - Deploy Analytics Rule
20:00 - Deploy Workbook (Dashboard)
▼ Getting started with KQL:
learn.microsoft.com/en-us/tra...
▼ Social Jeroen Niesen
Twitter: / jeroenniesen
LinkedIn: / jeroenniesen
▼ Social AzureVlog
Twitter: / azurevlog - Science and Technology
Phenomenal content, I learned more in the 25 minutes video than in any documentation found!!
Did this video help you in setting up Microsoft Sentinel?
Thanks Jeroen, it helped a lot!
Your essence of explaining things is so good. Doing great work for people.
Thanks, it's really an interesting & interactive video.
Clearly understood!
Great you liked the video, thanks!
Great tutorial. Thanks!!
thank u man
awesome content
Fantastic content mate, very clear and well described. I have a question as I think I will be starting a junior SOC job soon. Do you think all this will be set up on my laptop when I start or is this something everyone has to do manually? It is a very large company so I assume they would have a default set they use?
The company should already have the settings and connectors working, but this video is nicely showing the demo environment.
Hi, I'm starting a job on SOC this week, do you have some tips you can give me? How was your first few weeks like? Hope all is going well Bro!
I use the Azure subscription for students. When I click create workspace it takes some time to create it, and when it's done it briefly appears in the menu below and then it disappears... any idea what's going on?
Hey friend, it's a beginner question! Is it possible I create a Sentinel lab with no cost? Are there some costs with Azure or something like that? Thank you!
Sir, what to do after this video? What will be the following steps after this video???
I can always spot a Dutch man just by the manner we speak English. We have a unique pronunciation to particular words and I can spot it whenever one speaks.
It's the same when I get a Brazilian speaking English. Lol
You made a RG for your playbooks. What resource did you place in there?
That resource group can be used for playbooks (logic apps). In this video I didn't put anything in (a follow-up video is coming where I will put resources in it). There are two reasons why I put them in their own resource group. One is permissions: In order to trigger run books you need to give permissions on resource group level. The second one is the lifecycle: I think it is also important to take into account that your Sentinel workspace has a different lifecycle than the logic apps / playbooks. It is recommended therefore to have them in their own resource group. This allows you to update the resource group as a whole using an ARM template. Hope this helps!
@AzureVlog the system does not offer to select the resource group when you save the workbook. Does it mean you have to save the workbook and then in a second step move it to the playbooks resource group?
Pls maximise the Azure portal window, I'm on 1080p resolution on YouTube and the Sentinel portal is still blurry and really straining the eyes to see it!
Thanks for the feedback! I will execute my demos in 4K next time. This is one of the first videos I have uploaded in 4K. Have you tried changing the resolution of the video in YouTube? And if so, did that resolve the blurry issues?
@AzureVlog hey, thanks for replying, I already mentioned I'm at 1080p - it's blurry because you have the window minimized, it needs to be full screen I think, then it should be fine. Cheers
Hi everyone! I've followed every step at least 3 times and my Azure Activity isn't connecting. Refreshed Data Connectors and still nothing. Any ideas? Thanks in advance!
I think it's bugged. Did you get it working?
Yes! I actually did it a different way. Thank you for asking
@antoniohuenchumilla2297 can you tell me how long it took to work, because I am facing the same problem.
@boode5957 worked for me too. Likely I'm just impatient because it took over 4 hours to work, which doesn't seem proper but whatever.
Following the instructions in the video, you should also create a remediate task to ensure the policy is applied