From the course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Microsoft Sentinel: Incident detection and response

- [Announcer] Microsoft Sentinel is a powerful security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution. It enables end-to-end security operations for threat detection and incident response. Let's look at some key capabilities that Microsoft Sentinel provides at each stage of the process.

For data collection, you can use data connectors to gather data from many Microsoft services and third-party solutions. For threat detection, you can use analytics to identify threats and to group alerts into incidents. Leverage threat intelligence sources to detect malicious activities. Apply the MITRE ATT&CK framework to analyze threats. MITRE ATT&CK is a well-known knowledge base of adversary tactics and techniques. Use your watchlists, such as high-value assets, service accounts, and VIP users, in your searches. And use workbooks to create interactive visual reports. For threat investigation, you can view full details of incidents and investigate attack vectors. Perform threat hunting to proactively discover possible attacks. Use Jupyter Notebooks in threat hunting and investigation. Jupyter Notebooks are documents containing live code, visualizations, and narrative text. For incident response, you can create automation rules to streamline incident handling, and use playbooks to orchestrate the process and the tools, and automate remediation actions.

Let's do a quick demo of the incident detection and response capabilities in Microsoft Sentinel. For data collection, you can use data connectors. You can import data from numerous sources like Azure, Microsoft 365, Microsoft Defender, Microsoft Entra ID, and third-party solutions. For threat detection, you can enable analytics rules to generate alerts and incidents. Create hunting queries to identify undetected threats and malicious behaviors. For threat investigation, you can get a list of incidents, view full details of an incident, and investigate the sequence of events and associated entities. You can adjust the incident severity, update the status, and assign an owner. For incident response, you can create automation rules for incident handling, and use playbooks to automate mitigation processes and actions.
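The detection-to-incident flow the announcer describes (an analytics rule that turns raw sign-in data into alerts, alerts grouped into an incident with entities and a severity, a watchlist of VIP users and a MITRE ATT&CK mapping attached along the way), as an added Python example that is not part of the course and not Microsoft Sentinel's own code. In Sentinel the detection would be a scheduled analytics rule written in KQL over the SigninLogs table; this block reproduces the same logic in plain Python over a handful of constructed sign-in records so it can run offline. The record fields, error code, tenant name, IP addresses and watchlist contents are all constructed for illustration:

```python
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed sample sign-in records (hypothetical data, not from any real tenant).
# Field names follow the Microsoft Entra ID SigninLogs table that the Sentinel data
# connector ingests: ResultType "0" is a successful sign-in, "50126" is the
# invalid-username-or-password error code.
SIGNIN_LOGS = [
    {"TimeGenerated": "2024-05-01T09:00:05Z", "UserPrincipalName": "alice@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T09:00:09Z", "UserPrincipalName": "bob@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T09:00:14Z", "UserPrincipalName": "carol@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T09:00:20Z", "UserPrincipalName": "dave@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T09:00:27Z", "UserPrincipalName": "cfo@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T09:01:02Z", "UserPrincipalName": "cfo@contoso.example", "IPAddress": "203.0.113.7", "ResultType": "0"},
    # Benign noise: one mistyped password, then success, from an office address.
    {"TimeGenerated": "2024-05-01T09:05:00Z", "UserPrincipalName": "erin@contoso.example", "IPAddress": "198.51.100.20", "ResultType": "50126"},
    {"TimeGenerated": "2024-05-01T09:05:30Z", "UserPrincipalName": "erin@contoso.example", "IPAddress": "198.51.100.20", "ResultType": "0"},
]

# Stand-in for a Sentinel watchlist of VIP users (constructed).
VIP_WATCHLIST = {"ceo@contoso.example", "cfo@contoso.example"}

# MITRE ATT&CK mapping the analytics rule carries: Credential Access / Brute Force.
TACTIC, TECHNIQUE = "CredentialAccess", "T1110"


def _ts(value):
    """Parse the ISO-8601 UTC timestamp used in the records."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_spray_then_success(logs, failure_threshold=5, window=timedelta(minutes=10)):
    """Raise one alert per source IP that logs `failure_threshold` or more failed
    sign-ins inside `window` and then signs in successfully. This is the logic a
    scheduled analytics rule would express in KQL over SigninLogs."""
    by_ip = defaultdict(list)
    for rec in sorted(logs, key=lambda r: _ts(r["TimeGenerated"])):
        by_ip[rec["IPAddress"]].append(rec)

    alerts = []
    for ip, recs in by_ip.items():
        recent_failures = []
        for rec in recs:
            now = _ts(rec["TimeGenerated"])
            # Keep only failures still inside the lookback window.
            recent_failures = [f for f in recent_failures if now - _ts(f["TimeGenerated"]) <= window]
            if rec["ResultType"] != "0":
                recent_failures.append(rec)
                continue
            if len(recent_failures) >= failure_threshold:
                alerts.append({
                    "AlertName": "Password spray followed by successful sign-in",
                    "TimeGenerated": rec["TimeGenerated"],
                    "IPAddress": ip,
                    "CompromisedAccount": rec["UserPrincipalName"],
                    "TargetedAccounts": sorted({f["UserPrincipalName"] for f in recent_failures}),
                    "FailedAttempts": len(recent_failures),
                    "Tactic": TACTIC,
                    "Technique": TECHNIQUE,
                })
                recent_failures = []  # do not re-alert on the same burst
    return alerts


def group_into_incidents(alerts, watchlist):
    """Group alerts that share a source IP into one incident, attach the account and
    IP entities an analyst would pivot on, and raise severity when a watchlist user
    is involved."""
    by_ip = defaultdict(list)
    for alert in alerts:
        by_ip[alert["IPAddress"]].append(alert)

    incidents = []
    for ip, grouped in by_ip.items():
        accounts = set()
        for alert in grouped:
            accounts.add(alert["CompromisedAccount"])
            accounts.update(alert["TargetedAccounts"])
        vip_hit = sorted(accounts & watchlist)
        incidents.append({
            "Title": grouped[0]["AlertName"],
            "Severity": "High" if vip_hit else "Medium",
            "Status": "New",
            "Owner": None,
            "Tactics": sorted({a["Tactic"] for a in grouped}),
            "Entities": {"Accounts": sorted(accounts), "IPAddress": ip, "WatchlistMatches": vip_hit},
            "Alerts": grouped,
        })
    return incidents


if __name__ == "__main__":
    for incident in group_into_incidents(detect_spray_then_success(SIGNIN_LOGS), VIP_WATCHLIST):
        print(incident["Severity"], incident["Title"], incident["Entities"])
```

The sliding window matters: the same five failures followed by a success produce no alert if the window is shortened to 30 seconds, and the single mistyped password from the office address never reaches the threshold, which is the tuning an analyst does on a Sentinel rule to keep incident volume manageable. The watchlist check is where the announcer's VIP list earns its place, turning an otherwise Medium incident into a High one that an automation rule could route straight to a playbook.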