Azure Sentinel is a SIEM solution offered by Microsoft to see and stop threats before they cause harm. Olaf Hartong has tested using the Sysinternals tool Sysmon in Azure Sentinel.
An introduction to Azure Sentinel may be found at this Microsoft site. According to Microsoft, Azure Sentinel is your bird's-eye view across the enterprise. Olaf Hartong played a bit with this new feature. In the tweet below he announced his blog post about using Sysmon in Azure Sentinel; maybe it's helpful to someone.
I've just published a small blogpost "Using Sysmon in Azure Sentinel" https://t.co/GFpI1d01vF #DFIR #Sysmon #AzureSentinel #BlueTeam #ThreatHunting
— Olaf Hartong (@olafhartong) June 2, 2019