Microsoft Sentinel Setup and Configuration (2023 edition)

Views: 25,200

AzureVlog

A day ago

Are you looking for a comprehensive solution to protect your network from cybersecurity threats? Look no further! In this tutorial, I will show you how to set up Microsoft Sentinel and configure it to detect potential threats. This video will guide you through the process of creating a Microsoft Sentinel workspace, configuring a connector, setting up analytic rules, and deploying a dashboard (workbook) to keep track of your security status. Stay ahead of the game and ensure the safety of your network with this step-by-step tutorial! #MicrosoftSentinel #Cybersecurity #Tutorial #Setup #Detection.
▼ Chapters
00:00 - Intro
01:09 - Deploy Log Analytics & Microsoft Sentinel
05:00 - Configure retention
08:46 - Deploy Content Hub Solution (Azure Activity)
12:14 - Configure Connector
16:00 - Deploy Analytics Rule
20:00 - Deploy Workbook (Dashboard)
▼ Getting started with KQL:
learn.microsoft.com/en-us/tra...
▼ Social Jeroen Niesen
Twitter: / jeroenniesen
LinkedIn: / jeroenniesen
▼ Social AzureVlog
Twitter: / azurevlog

Comments: 28
@edthefixer2011 11 months ago
Phenomenal content, I learned more in the 25 minutes video than in any documentation found!!
@AzureVlog A year ago
Did this video help you in setting up Microsoft Sentinel?
@borgy78 A year ago
Thanks Jeroen, it helped a lot!
@eduardocusteau7947 7 months ago
Great tutorial. Thanks!!
@iyiempire4667 10 months ago
Your essence of explaining things is so good. Doing great work for people.
@DaljeetSinghh A year ago
Thanks, it's really an interesting & interactive video. Clearly understood!
@AzureVlog A year ago
Great you liked the video, thanks!
@debb.7431 17 days ago
Awesome content
@sharpshorts4254 A year ago
Fantastic content mate, very clear and well described. I have a question, as I think I will be starting a junior SOC job soon. Do you think all this will be set up on my laptop when I start, or is this something everyone has to do manually? It is a very large company, so I assume they would have a default set they use?
@cybersamurai99 10 months ago
The company should already have the settings and connectors working, but this video nicely shows the demo environment. Hi, I'm starting a job at a SOC this week, do you have some tips you can give me? What were your first few weeks like? Hope all is going well, bro!
@Comoplantardinheiro A year ago
Hey friend, it's a beginner question! Is it possible to create a Sentinel lab at no cost? Are there some costs with Azure or something like that? Thank you!
@manosbouzetos4132 A year ago
I use an Azure for Students subscription. When I click create workspace, it takes some time to create it, and when it's done it briefly appears in the menu below and then it disappears... Any idea what's going on?
@DonReality A year ago
I can always spot a Dutch man just by the manner we speak English. We have a unique pronunciation to particular words and I can spot it whenever one speaks.
@Comoplantardinheiro A year ago
It's the same when I hear a Brazilian speaking English. Lol
@shaikhharoon6928 11 months ago
Sir, what to do after this video? What will be the following steps after this video?
@marcusriddick2806 A year ago
You made a RG for your playbooks. What resource did you place in there?
@AzureVlog A year ago
That resource group can be used for playbooks (logic apps). In this video I didn't put anything in it (a follow-up video is coming where I will put resources in it). There are two reasons why I put them in their own resource group. One is permissions: in order to trigger run books you need to give permissions on resource group level. The second one is the lifecycle: I think it is also important to take into account that your Sentinel workspace has a different lifecycle than the logic apps / playbooks. It is therefore recommended to have them in their own resource group. This allows you to update the resource group as a whole using an ARM template. Hope this helps!
@FranckJacottin 11 months ago
@@AzureVlog the system does not offer to select the resource group when you save the workbook. Does it mean you have to save the workbook and then in a second step move it to the playbooks resource group?
@TheTCPTalk A year ago
Please maximise the Azure portal window. I'm on 1080p resolution on YouTube and the Sentinel portal is still blurry and really straining the eyes to see it!
@AzureVlog A year ago
Thanks for the feedback! I will execute my demos in 4K next time. This is one of the first videos I have uploaded in 4K. Have you tried changing the resolution of the video in KZbin? And if so, did that resolve the blurry issues?
@TheTCPTalk A year ago
@@AzureVlog hey, thanks for replying. I already mentioned I'm at 1080p - it's blurry because you have the window minimized; it needs to be full screen, I think, then it should be fine. Cheers
@antoniohuenchumilla2297 A year ago
Hi everyone! I've followed every step at least 3 times and my Azure Activity isn't connecting. Refreshed Data Connectors and still nothing. Any ideas? Thanks in advance!
@simple-security 11 months ago
I think it's bugged. Did you get it working?
@antoniohuenchumilla2297 11 months ago
Yes! I actually did it a different way. Thank you for asking
@boode5957 11 months ago
@@antoniohuenchumilla2297 can you tell me how long it took to work, because I am facing the same problem.
@simple-security 11 months ago
@@boode5957 worked for me too. Likely I'm just impatient because it took over 4 hours to work, which doesn't seem proper but whatever.
@FranckJacottin 11 months ago
Following the instructions in the video, you should also create a remediate task to ensure the policy is applied