Getting Started with Microsoft Azure Sentinel: Part 1

Aman Sharma is a former Microsoft employee, a current Microsoft MVP, and a Principal Technical Consultant at Green House Data. Connect with him on LinkedIn or Twitter and be sure to follow his personal blog.

Azure Sentinel is Microsoft's cloud-native SIEM (Security Information and Event Management) service with built-in AI analytics. It reduces cost and complexity by providing a single pane of glass: a central, near-real-time view of your whole environment.

Threats related to infrastructure, networking, users, and applications can be monitored via Azure Sentinel. As a cloud-native service, it scales with your needs. It collates data from your on-premises environment, from Azure, and from any third-party cloud providers. It uses Microsoft Threat Intelligence to analyze all the signals and filter the noise out from the alerts that are actually relevant.

This two-part blog series will introduce you to Azure Sentinel and show you how to get set up with the service and start exploring its many features.

Azure Sentinel drills through all the incoming data and analyzes it against known patterns such as anomalous logins. It ensures that you get a view of all the relevant security information that requires your immediate attention. The key pieces of information that you get right away are:

  1. Total Alerts
  2. Total Events collected and analyzed
  3. Total active Cases and their split by status
  4. Map view of the potential malicious events

Azure Sentinel works with the Log Analytics workspace. You can reuse one of the existing workspaces or create a new one.

Setting Up Azure Sentinel: First Steps

To start working with Azure Sentinel, launch the service by:

  1. Clicking on All Services
  2. Searching for "Azure Sentinel"
  3. Clicking on the service in the result

As mentioned before, you need a Log Analytics workspace to work with Azure Sentinel. You can either:

  1. Create a new one by clicking the "+ Add" button, or
  2. Connect one of the existing Log Analytics workspaces

Connecting Data Sources

As soon as you create (or connect) a workspace, you will want to connect your data sources. You can do so from the "Data connectors" option under the Configuration settings.

Click "Configure" for every data source you want Sentinel to import data from. Select as many as are relevant to your environment. There are connectors not just from Microsoft but also from third-party providers such as Palo Alto, Check Point, F5, Barracuda, Cisco ASA, and Fortinet, to name just a few.

Every configuration wizard has different settings. Here is the one for Azure AD. You can configure Sentinel to connect the Sign-in logs and Audit logs from Azure AD.
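Once the Azure AD Sign-in logs are flowing into the workspace, you can query them in the Sentinel "Logs" blade. The following KQL query is an added example, not code from the original post: it looks for the kind of anomalous-login pattern mentioned above, an account with a burst of failed sign-ins from one IP address followed by a successful sign-in from that same address. The one-hour window and the threshold of ten failures are assumed values to tune for your environment.

```kusto
// Added example, not from the original post. Runs against the SigninLogs
// table populated by the Azure AD Sign-in logs connector.
// Window and threshold are assumed values; tune them to your environment.
let lookback = 1h;
let failThreshold = 10;
// Step 1: accounts with many failed sign-ins from a single IP address.
// In SigninLogs, ResultType is a string and "0" means success.
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
          by UserPrincipalName, IPAddress
    | where FailedCount >= failThreshold;
// Step 2: successful sign-ins for the same user from the same IP
// that happened after the last failure in the burst.
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"
| project SuccessTime = TimeGenerated, UserPrincipalName, IPAddress,
          AppDisplayName, Location
| join kind=inner failures on UserPrincipalName, IPAddress
| where SuccessTime > LastFail
| project UserPrincipalName, IPAddress, Location, AppDisplayName,
          FailedCount, FirstFail, LastFail, SuccessTime
| order by FailedCount desc
```

A query like this can be saved as a scheduled analytics rule so that matches raise alerts and feed the case counts shown on the dashboard.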

Note that to integrate with Azure AD alerts:

Understanding Azure Sentinel Dashboard

When you start, your Azure Sentinel dashboard will look something like the below image.

Let's look at these parts in a little more detail:

  1. First, on the left, you have all the settings and the various sections of Azure Sentinel
  2. Next, you have the key details in a nutshell at the top
  3. A graph of events and alerts over time is shown next
  4. Any malicious events are mapped on the world map
  5. On the right, any recent cases are listed
  6. Data source anomalies are graphed next, based on Operations and Usage
  7. The last section, at the bottom right, shows you the Machine Learning capabilities of Azure Sentinel

In the second part of this Sentinel blog series, we will delve deeper into Azure Sentinel features.

[Update] Ready to get more advanced with Sentinel? Read Part Two to explore automation, machine learning, and more features.
