What The Hack - Sentinel Automated Response

Introduction

This Hack will introduce you to Microsoft Sentinel by helping you implement and explore the core functionality of Microsoft’s Security Incident & Event Management (SIEM) /Security Orchestration Automated Response (SOAR) platform.

Learning Objectives

In this hack you will learn how to architect Sentinel, start ingesting data, use the Watchlists feature, and create a custom alert and incident. Finally, you will learn how to add automation to manage that incident.

  1. Decide on the Sentinel Architecture
  2. Install the agent and start receiving logs
  3. Create a watchlist
  4. Create a custom alert and generate an incident
  5. Implement a logic app to automatically close the alert

Challenges

Prerequisites

You will need an Azure subscription with contributor rights to complete this hackathon. If you don’t have one…

Sign Up for Azure HERE

One goal of this hackathon is to limit the cost of using Azure services.

If you’ve never used Azure, you will get:

Details can be found here on free services.

If you have used Azure before, we will still try to limit the cost of services by suspending, shutting down, or destroying services before the end of the hackathon. You will still be able to use the free services (up to their quotas), such as App Service or Functions.

Contributors