In this fast-paced, demo-heavy set of talks we'll be looking at how Microsoft's new SIEM, Azure Sentinel, can be used to gain insights into data by connecting your appliances and log sources, discovering threats and generating alerts across your Azure estate.
Talk 1: Building a SIEM from scratch by Richard Conway. In this talk we'll look at what a SIEM is, how to configure Sentinel and how to ingest data from several sources, including syslog and CEF. We'll also take a 360-degree look at how this integrates with Windows Defender ATP, Microsoft's new threat protection service. Expect fast-paced demos, definitions and software integrations.
Talk 2: Advanced Analysis with Sentinel by Darshna Shah. In this talk Darsh will look at how Sentinel can be used for advanced analysis of streams of data through enrichment, joining and wrangling of sources with Python playbooks in Jupyter notebooks: a true picture of security AI. Expect demos and cool illustrations of what you can do with anomaly detection and machine learning models.
Talk 3: Graphing, Alerts and Remediation by Sandy May. In this talk we will see the reporting options available in Azure Sentinel, highlighting similarities to Azure Log Analytics. Sandy will start from the familiar, then show the power of graph reporting and flow for a SIEM, and how alerts can lead to automated remediation in Azure. Expect to see many interactive reports, dashboards and automation.