Improve SecOps With Azure Sentinel

Legacy SIEM Challenge

cloud + remote work + IoT/OT

performance and scale

cost

alert fatigue

Modernize SOC w/ Azure Sentinel

auto scale/agility

build in threat analytics and offers threat detecton

ai/automation for efficiency

Siem

New Features

UEBA, entity search, profile, bring you own ml, jupyter notebook

Integrating from Thrat Intelligence

Network Schema (OSSEM)

Taxi/STIXは変わるのか

Azure SentinelはSIEMなので、相関分析と検知

データソースとの接続（Connect Dieverse Soucers）

ログの検索（Log Search Acrosss Data SOurces）

アラート

プレイブック

ML Powered Detection / Bring You Own ML

Alert Playbookがある <- Sentinel

https://gyazo.com/06b9b8f048d26c757525caf9c33d505f

https://gyazo.com/2d95da5858b86b0a2911984c8dd7f743

https://gyazo.com/b7316d291a180561eef04ab209513999