Microsoft has been transitioning all SIEM roles & responsibilities to Azure Sentinel. This is a video interview with Microsoft IT’s Mei Lau on the transition.
Mei Lau is leading the migration of Microsoft’s legacy Security Information Event Management (SIEM) system to Microsoft Azure Sentinel, which enables security analysts to quickly connect datasets and rapidly investigate or respond to potential security threats.
Microsoft’s new SIEM can ingest 20 billion events daily, which is a 128 percent gain compared to the old SIEM. Ingesting data in our legacy SIEM would take hours but with Azure Sentinel, it takes 10 minutes, which is 18 times faster.
Lau also advocates for testing out your SIEM so you can get feedback early on.
“If you’re interested in leveraging a cloud SIEM, you can start with a proof of concept and explore how easy it is to ingest the data with the out of the box data connectors,” Lau says. “Once you ingest the data, again, you can write hunting queries as well and see how the data works with a graph or investigation effort.”
Watch the video here:
- VIDEO: Securing the enterprise and responding to cybersecurity attacks with Microsoft Azure Sentinel
https://www.microsoft.com/en-us/insidetrack/securing-the-enterprise-and-responding-to-cybersecurity-attacks-with-microsoft-azure-sentinel
kurtsh
Kurt Shintaku's Blog 