Azure Sentinel Design

  • June 3, 2023

Azure Sentinel, a born-in-the-cloud SIEM, was released in preview in February 2019 and reached general availability in September 2019. It has since advanced in leaps and bounds, doubling the number of data connectors, improving visualizations and incident management, and building a rich ecosystem of options for SOAR and data enrichment. Combined with tight integration with highly specialized security controls such as Defender ATP, MCAS and Azure ATP, Sentinel is emerging as a natural choice for organizations that want to take advantage of the synergy between these products. The increase in capabilities comes at the cost of additional complexity, and while Sentinel does a good job of doing most of the work behind the scenes, understanding how each component integrates is a must for security analysts interested in mastering this versatile product.

The diagram below is a one-page view of the core Azure Sentinel components, updated as of September 2020, showing how the various parts of a traditional SIEM infrastructure map onto it. We have also included some of the complementary services that are not part of Sentinel itself but are typically used in conjunction with it.

Click here for a detailed Azure Sentinel Design diagram
