"The Eye was rimmed with fire, but was itself glazed, yellow as a cat's, watchful and intent, and the black slit of its pupil opened on a pit, a window into nothing"
Imagine sticking The Eye of Sauron, the all-seeing eye, in your enterprise estate. You could see all the sneaky little hobbitses trying to steal your precious! Well, now you can, thanks to the almighty Azure Sentinel.
- Azure Sentinel is a cloud-native (so scalable) SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) solution.
- SIEM - Real-time collection and analysis of security alerts and logs
- SOAR - Automated responses to security threats (playbooks that run when an alert fires)
In short, Azure Sentinel is a jacked-up Eye of Sauron looking over everything that happens, flagging hobbits that look like Frodo (security alerts) and automatically responding with orcs (quarantine, block, escalation, etc.).
It works by doing 4 main things:
Begin the Hunt
Investigating alerts is reactive, but organizations should be proactive about security also.
Azure Sentinel has a 'Hunting' feature (yes, the option is actually called Hunting) where you can run powerful queries, either built-in or bespoke, to scour the mountains of data you have for anomalies, suspicious activity and more.
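As an added example (not code from the original post), here is the kind of bespoke hunting query you can paste into the Hunting blade. It is written in KQL (Kusto Query Language), which Sentinel's queries use, and assumes the SigninLogs table is being populated by the Azure AD sign-in data connector; the threshold and time window values are assumptions you would tune to your own estate. It surfaces accounts where a burst of failed sign-ins from one IP address is followed by a successful sign-in from the same address within an hour, a pattern worth a closer look rather than a verdict on its own.

```kql
// Added example, not from the original post. Requires the SigninLogs table
// (Azure AD sign-in data connector). Threshold and windows are assumed values.
let lookback = 1d;          // how far back to hunt
let failThreshold = 10;     // failures per user+IP before we care
let successWindow = 1h;     // a success this soon after the last failure is suspicious
// Step 1: count failed sign-ins per user and source IP.
// ResultType is a string in SigninLogs; "0" means success.
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
        by UserPrincipalName, IPAddress
    | where FailedCount >= failThreshold;
// Step 2: collect successful sign-ins for the same user+IP pairs.
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project UserPrincipalName, IPAddress, SuccessTime = TimeGenerated;
// Step 3: keep only successes that land shortly after the failure burst.
failures
| join kind=inner successes on UserPrincipalName, IPAddress
| where SuccessTime between (LastFail .. (LastFail + successWindow))
| project UserPrincipalName, IPAddress, FailedCount, FirstFail, LastFail, SuccessTime
| order by FailedCount desc
```

Run it from the Hunting blade, and if it proves useful you can save it as a custom hunting query or promote it to an analytics rule so Sentinel raises an incident automatically instead of you running it by hand.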
There is a lot more information with respect to queries, but it all goes over my head, so click here for more information.