Microsoft Azure Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution. Azure Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
Azure Sentinel is your birds-eye view across the enterprise alleviating the stress of increasingly sophisticated attacks, increasing volumes of alerts, and long resolution timeframes.
- Collect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds.
- Detect previously undetected threats, and minimize false positives using Microsoft’s analytics and unparalleled threat intelligence.
- Investigate threats with artificial intelligence, and hunt for suspicious activities at scale, tapping into years of cyber security work at Microsoft.
- Respond to incidents rapidly with built-in orchestration and automation of common tasks.
fusion
Machine Learning in Azure Sentinel is built-in right from the beginning. We have thoughtfully designed the system with ML innovations aimed to make security analysts, security data scientists and engineers productive. One such innovation is Azure Sentinel Fusion built especially to reduce alert fatigue.
Fusion uses graph powered machine learning algorithms to correlate between millions of lower fidelity anomalous activities from different products such as Azure AD Identity Protection, and Microsoft Cloud App Security, to combine them into a manageable number of interesting security cases.
Enable fusion:
- In the Welcome to Cloud Shell windows that opens below, select PowerShell.
- Choose the subscription on which you deployed Azure Sentinel, and Create storage.
- After you are authenticated and and your Azure drive is built, at the command prompt, run the following commands:
az resource update –ids /subscriptions/b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8/resourceGroups/AzureSentinel/providers/Microsoft.OperationalInsights/workspaces/AzureSentinel2/providers/Microsoft.SecurityInsights/settings/Fusion –api-version 2019-01-01-preview –set properties.IsEnabled=true –subscription “b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8”
View the status of fusion:
az resource show –ids /subscriptions/b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8/resourceGroups/AzureSentinel/providers/Microsoft.OperationalInsights/workspaces/AzureSentinel2/providers/Microsoft.SecurityInsights/settings/Fusion –api-version 2019-01-01-preview –subscription “b2eaa2c9-db10-4d59-a2a3-bf9b3383fbe8”
Stay tunned………