Azure Advent Calendar – Day #9: Azure Sentinel

What a sheer privilege it is to have been a part of this #AzureAdventCalendar initiative!

What is the #AzureAdventCalendar about?

A few months ago, I responded to a post from two Microsoft MVPs, Richard Hooper and Gregor Suttie, asking that members of the #AzureFamily consider growing the community by contributing a Christmas-themed video on ANY Azure content they chose. Over the course of 25 days, there will be 75 (maybe more?) videos with accompanying blog posts covering a wide variety of Azure content from some of the best community contributors from all over the world!

Let me just say THANKS – this is certainly a privilege to be part of this incredible initiative. I had so much fun creating this video for you all, and I truly hope that you find the resource helpful in your Cloud journey!

What I’m contributing

Behind door #9 of the Azure Advent Calendar we have Azure Sentinel, Microsoft’s new scalable, cloud-native Security Information Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution. There are a lot of nooks and crannies in this solution, so we will cover initial onboarding, how to use the tool, and how to expand the tool for some more advanced features (with some other Christmas gifts as well)!

The link to my Azure Advent Calendar Day #9: Azure Sentinel video is here:

All Azure Advent Calendar resources

YouTube Channel: https://www.youtube.com/channel/UCJL9wCcmeMBbah4J0uOWIPg

Azure Advent Calendar official website: https://azureadventcalendar.com/

Official contribution hashtags on Twitter: #azureadventcalendar and #AzureFamily

Additional Azure Sentinel resources

Let’s be honest, this solution is a BEAST, so there is no way I could cover all of this content in just one video! Below you will find some additional resources that I found very helpful and interesting, as even though this solution is relatively new, the features and cross-platform usage are expanding day by day!

Azure Sentinel Documentation and overview: https://docs.microsoft.com/en-us/azure/sentinel/

Kusto (KQL) language: https://docs.microsoft.com/en-us/azure/kusto/query/

Azure Sentinel Microsoft Tech Community: https://techcommunity.microsoft.com/t5/Azure-Sentinel/bg-p/AzureSentinelBlog

GitHub resources for Azure Sentinel: https://github.com/Azure/Azure-Sentinel

Table Level RBAC in Azure Sentinel: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Table-Level-RBAC-In-Azure-Sentinel/ba-p/965043

Enable new URL Detonation features in Azure Sentinel: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Using-the-new-built-in-URL-detonation-in-Azure-Sentinel/ba-p/996229

Azure Sentinel and Azure Arc: https://techcommunity.microsoft.com/t5/Azure-Sentinel/Azure-Sentinel-and-Azure-Arc/ba-p/999379

Again, THANK YOU #AzureFamily, Richard, Gregor, and the entire community for the opportunity to go through this learning experience with you all! Merry Christmas, Happy Holidays, and I hope that you all find Joy and Peace in this upcoming year!