Are you using Microsoft Sentinel? Richard talks to Cloud Security Advocate Sarah Young about Sentinel, Microsoft's Security Information and Event Management (SIEM) solution. Sarah talks about the role of the SIEM in creating a common place for all security-related data to arrive. She mentions some of the many tools in the Microsoft suite to feed into Sentinel - Defender for Endpoints, Identity, and Cloud as examples. Specialized analysis tools send summaries to Sentinel, but Sentinel can also process raw logs as well - make sure you need the data because billing for Sentinel is connected to the number of ingress sources. There's a lot to learn, but also a lot of great documentation and information to work from. Check the show notes for links!

Links:

• Microsoft Sentinel
• ArcSight
• Defender Security Alerts
• Defender for Endpoint
• Defender for Identity
• Microsoft Digital Defense Report 2022
• Defender for Cloud
• What is CSPM?
• Security Baselines Blog
• Microsoft Security Copilot

Recorded April 6, 2023