Organizations' infrastructures are becoming more complex. As the new landscape expands into the cloud and third-party PaaS and SaaS services, it has become more of a challenge to maintain proper visibility and to aggregate logs into a single pane of glass. While Security Information and Event Management (SIEM) systems have been around for years, the complexity of new data sources, infrastructure, and business needs requires a scalable approach. Sentinel is a scalable, cloud-native solution that can ingest sources from both cloud and on-prem environments.
Sentinel: This 2-hour introductory demonstration will provide a high-level understanding of the user interface, the Sentinel architecture, log ingestion, the rule creation process, and the different methods used to investigate and correlate logs in Sentinel.
Skills Learned:
Prerequisites
The workshop is an introduction to Sentinel. Students will not need to have prior experience with Sentinel or KQL (Kusto Query Language).
The following are courses or equivalent experiences that are prerequisites for the workshop:
Laptop Requirements
Attendees need to have:
John Alves
John Alves is a cloud security principal with just shy of a decade of experience in information security across network engineering, systems administration, compliance, and cloud security. He leads the cloud security practice at CyberOne Security and is a subject matter expert across Azure and Microsoft 365. He holds multiple certifications from various certifying bodies, most notably GPCS, GCWN, GSEC, Microsoft Certified Trainer, Microsoft Solutions Architect, and Microsoft Cybersecurity Architect. Over the course of his career, he has demonstrated a deep technical understanding of security practices and has consistently delivered robust solutions to enterprises. @cyberlowdown | Linkedin.com/in/alves-john/