Thank you! Cheers!

Glad you liked it!

I stand by my definition :-) According to Microsoft

​@@AndyMaloneMVPWhy do you keep deleting my post? I'm only trying to help and I like your content. If someone new to cybersecurity follows your video, and gets asked "What does SIEM mean" in a job interview, they may reply with the wrong answer and fail that question. Why not just own up to your mistake and correct it if you're really trying to help people?

@@icewatermedia I not delete content that may contain offensive language. Beyond that sometimes yt sometimes deletes content which is beyond my control. That said I do appreciate your feedback thanks 👍😊

​@@AndyMaloneMVP Thanks for your reply! I think yt may have deleted my comment because I posted a reference link to Microsoft's definition of SIEM. For the benefit of anyone reading this, there's a mistake in the video for what SIEM means. Several times in the video, SIEM is defined as "Security Event and Incident Management" (which would be SEIM and actually could work if it were correct). However, according to Microsoft and the rest of the cybersecurity industry, SIEM is an acronym that stands for "Security Information and Event Management". Microsoft's definition can be found by searching Google for "What is SIEM Microsoft".

Hehe well spotted.

Well said, and thanks for your input. Really useful. 😊 👍

Yes, Sentinel is far more than just a simple monitoring system. It has intelligent systems built on AI and machine learning technologies which perform detailed and complex behavioural analytics to look for any potential anomalies. As I said in the video it’s considered next generation security. For more documentation I would read learning.microsoft.com. Yeah you’ll find all the documentation. Thanks again and all the best Andy 😊

Absolutley 100%

Awesome👍

Thanks, will do!

You’re very welcome and thank you 😊

SC-200

An integrated portal Microsoft 365 XDR

I had demo data that I believe you can generate a sample either in Sentinel, Defender for endpoint of on Microsoft Learn.

Good luck!

Absolutley I'm all in Apple. For devices!

E5 plus additional costs. but you can take advantage of an E5 benefit. 5Mb data per day.

@@AndyMaloneMVP thanks

Here you go learn.microsoft.com/en-us/azure/sentinel/multiple-tenants-service-providers

Microsoft defender for endpoint of the defence tools that manage the policies and detect potential threats. Sentinel is a monitoring system but also can combine with something called soar. Security operations automated response so if anomalies are detected, they can be auto mediated. Sentinel siem system, or security, incident and event management, which basically collate logs and looks for anomalies. Typically defender and sentinel work together to provide you an important cock in the wheel in the Microsoft zero trust model

Thanks Joshua, I appreciate that 😊

I've done sessions on Sentinel. Check out my Defender playlist.

I’ll add it to my list. Thanks for the suggestion.

They are different products, but they compliment each other perfectly. However, I would have to say that sentinel has a greater scope.

Thank you very much, greetings from scotland also 😊

For this, she would need to install defender for endpoint client available in settings in the security centre. Then simply configure policies. For more information check out docs.microsoft.com

None in particular, but if you look at the security videos, in particular, all of the defender videos, they are included in the exam

@@AndyMaloneMVP Thank you kindly

Create an automation to send you an email

@@AndyMaloneMVP yes but I want beep sound when unassigned incident occurs

No idea sorry other than a txt message or email

@@AndyMaloneMVP it's ok, thanks for your reply

Thank you! You too!

A casb connects to your environment for the purpose of monitoring apps and users and has a level of intelligence to look for anomalies. Sentinel collates logs and all the other defender services to look for anomalies in logs. E.g. deletions etc. I can see your confusion though, they do have some similarities 😊

Microsoft Sentinel is Microsoft's SIEM and SOAR solution. Microsoft CASB solution is Microsoft Defender for Apps, which is part of Microsoft 365 Defender.

No worries!

I love Sentinel. But beware of over monitoring. It can be very expensive. I agree with your IoT Comment though.

Yes, the idea is to monitor everything from Microsoft Sentinel (including the AWS and GCP components that it supports). However, the first cardinal rule is to make sure that you are only ingesting the alerts/logs that you absolutely need. Pricing is based on ingestion, so the more you ingest, the more you pay. There are price discounts based on committed consumption ("I will consume at least 5GB per month"), but even with this you want to limit ingestion to only what you need. Many Sentinel connectors, and its Codeless Connector Platorm, as well as AMA, now support DCRs (data collection rules) which allow you to filter data pre-ingestion, allowing you to better control your price.

@@pjchacon Great tips, and I totally agree with you on price!

My pleasure!

You are very welcome

Always welcome

No worries!