Uros Babic

Cloud Security Architect at Crayon, Microsoft MVP, MCT

Belgrade, Serbia

Graduate electrical engineer, currently employed at Crayon Serbia as Security Architect, Microsoft Security MVP, MCT, Keynote Speaker

Area of Expertise

  • Information & Communications Technology

Unifying XDR, SIEM and Security Copilot in Security Operations

In the rapidly evolving world of cybersecurity, the role of artificial intelligence (AI) is becoming increasingly important. With the sheer volume and complexity of threats, a holistic approach to cybersecurity is necessary, and AI is proving to be a crucial element in detecting and fighting against advanced attacks.
Now Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Security Copilot are available as a unified experience: all your alerts, incidents, playbooks, and policies in one place, with more AI, more automation, and an unparalleled view of emerging threats enriching it all. One dashboard to manage defenses. A single portal for threat investigation, detection, and response. A single command center built on a common data model to help you manage your SOC and work faster. One place to investigate all incidents, making incident triage more straightforward, investigation more seamless and insights more holistic. One place to search and hunt for threats across all data, simplified with help from Security Copilot, translating natural language to KQL. Copilot is generating all the queries, and these are, and you need to know KQL now.
During this session, Microsoft Security MVP, MCT Uros Babic will be speaking about the future of cybersecurity incident response with AI. Real stories of incident investigations with Microsoft Defender XDR, Sentinel and Security Copilot will be presented.

Unified Security Operations Platform with Microsoft Sentinel and Defender XDR

Microsoft Defender XDR and Microsoft Sentinel are now in one portal/dashboard for SOC teams:
- View incidents across your digital estate — whether they’re related to endpoints, SaaS services, your network in the cloud or on prem.
- This unified approach eliminates the inefficiency of SOC teams having to switch between multiple systems and manually piece together incident details.
- See how Microsoft Sentinel is embedded within Microsoft Defender XDR, combining the forces of SIEM+XDR automatically with the investigation graph in order to take actions such as locking and disabling accounts with attack disruption, etc.

Driving Microsoft’s transformation with Data and AI

1. Get started with Azure AI Services
2. Azure AI services
   - Azure Machine Learning
   - Cognitive Services
   - Azure OpenAI Services
3. Microsoft Copilot
4. AI for Security
5. AI Shared responsibility model
6. Accelerate cloud-native app innovation with Azure and AI

How to Forensic Investigate Security Incidents in Microsoft Azure

When a security incident is detected on the Azure cloud platform, forensic investigators must examine the log data collected from various sources. If a VM is found to be affected, it is important to take a snapshot of the OS disk of the VM for further investigation. This session discusses the forensic acquisition methodology of an Azure VM and walks through an assumed scenario to divide the whole process into multiple steps.

Manage Identity and Access in Microsoft Entra ID

Entra ID is the core of any secure solution you will build on Azure. You need to verify who is accessing your systems, what they have access to, and monitor how they are using your solutions.

How to collect data from Azure virtual machine with Azure Monitor, Defender for Cloud and Sentinel

How to collect data from an Azure virtual machine with Azure Monitor, Defender for Cloud and Azure Sentinel based on threat detection and incident response.

Create and configure self-hosted agent pools and Understanding Azure DevOps Pipelines Styles

How to implement and use self-hosted agent VMs with YAML pipelines. Self-hosted agents in Azure DevOps Pipelines offer cost savings and more flexibility to configure and run build and release agents in any supported DevOps environment.

Active Directory Incident Response and Remediation in Microsoft Azure

Azure AD incident response explores how Azure AD investigates, manages and responds to cybersecurity incidents. It involves skills, knowledge and experience with best practices to protect Azure Active Directory in day-to-day IR operations and remediation techniques, and describes the Azure AD incident response life cycle, process and tools.

Microsoft Azure Serbia Meetup Group User group Sessionize Event

November 2023

Gimme-Cloud-Talks-Global-Azure-2023 Sessionize Event

May 2023
