Everything you need to get started with Architecting and Designing Microsoft Sentinel (2022)

Andre Camillo, CISSP
Published in Microsoft Azure
14 min read · Nov 1, 2022

[Image: The “mighty” Sentinel logo]

Traditional Security Operations Centers (SOCs) rely on on-premises hardware with limited scalability and limited resources for machine learning algorithms. This causes problems when threat hunting, managing incidents and, potentially, when responding to incidents, since these environments were not necessarily built for automation. Traditional SOCs may also be limited in how they consume and apply threat intelligence and the correlation algorithms needed for machine-learning-based findings.

Previously, I discussed how Microsoft Sentinel powers modern Security Operations Centers to help you, as a cyber security analyst or even as a CISO, better leverage the cloud to free some of your analysts’ time from mindless hunting that may lead nowhere. The platform also benefits from a large number of threat intelligence signals coming from the Microsoft platform (and from third-party sources). I discussed which tools suit a modern approach to a SOC in this article.

This is a deeper look, based on my experience and conversations with customers, at the components, architecture and design of a modern SOC’s SIEM using Microsoft Sentinel.

Everything in this document is based on PUBLIC resources pointed out throughout the


Cloud, AI and Cyber Security tech, Career, Growth Mindset. Find my Discord &more: https://linktr.ee/acamillo . Architect @Crowdstrike. Opinions are mine!