What is Microsoft Sentinel?
7 quick facts to help you understand how Sentinel can help you secure your environment 👇
1) Microsoft Sentinel (formerly Azure Sentinel) is a Microsoft cloud-based SIEM solution that collects data from multiple sources (Microsoft Azure, M365, AWS, GCP, on-premises services).
2) Use Sentinel to collect, detect, investigate, and respond to security alerts for both on-premises and cloud systems.
3) It offers 130 data connectors, allowing easy ingestion of data, and stores data in Log Analytics.
4) Kusto Query Language (KQL) is used to query data and create dashboards and visualizations.
5) It provides alerts in different forms (email, SMS, a Teams channel, a work item in a project management tool) and allows automating responses to detected incidents.
6) It allows correlation between different data types to detect multistage attacks.
7) Log Analytics allows storing data for up to two years, which aligns with industry standards, and longer-term storage can be achieved by sending data to a Storage Account (up to 7 years).
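To make facts 4 and 6 concrete, here is an added example (not from the original post) of a KQL query that correlates two data types to flag a multistage pattern: a burst of failed sign-ins, then a success from the same IP, then a directory role change by the same account. It assumes the Microsoft Entra ID connector is populating the SigninLogs and AuditLogs tables; the thresholds and time windows are constructed values to tune per environment.

```kql
// Added example. Assumes SigninLogs and AuditLogs are ingested into the workspace.
let lookback = 1d;
let failureThreshold = 10;     // constructed value: failed sign-ins per user and IP
let correlationWindow = 1h;    // constructed value: max gap between stages
// Stage 1a: user/IP pairs with many failed sign-ins (ResultType "0" means success)
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | summarize FailedCount = count(), LastFailure = max(TimeGenerated)
        by UserPrincipalName = tolower(UserPrincipalName), IPAddress
    | where FailedCount >= failureThreshold;
// Stage 1b: a successful sign-in for the same user and IP shortly after the failures
let suspiciousSuccess = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | extend UserPrincipalName = tolower(UserPrincipalName)
    | join kind=inner failures on UserPrincipalName, IPAddress
    | where TimeGenerated >= LastFailure
        and TimeGenerated <= LastFailure + correlationWindow
    | summarize SuccessTime = min(TimeGenerated)
        by UserPrincipalName, SigninIP = IPAddress, FailedCount;
// Stage 2: the same account adds a member to a directory role soon after signing in
AuditLogs
| where TimeGenerated > ago(lookback)
| where OperationName == "Add member to role"
| extend Actor = tolower(tostring(InitiatedBy.user.userPrincipalName))
| join kind=inner suspiciousSuccess on $left.Actor == $right.UserPrincipalName
| where TimeGenerated >= SuccessTime
    and TimeGenerated <= SuccessTime + correlationWindow
| project SuccessTime, RoleChangeTime = TimeGenerated, Actor, SigninIP,
    FailedCount, OperationName, TargetResources
```

Either stage alone is noisy; requiring both from the same account inside the window is what makes this a correlation rule and not a single-source alert.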
UPN vs sAMAccountName in Active Directory? 6 facts to help you quickly understand the difference! ⬇️
1) The UPN and sAMAccountName are user account attributes in Active Directory that identify logon names and IDs used for security purposes.
2) The sAMAccountName was used in previous versions of Windows for authentication purposes. It is a logon name with a limit of 20 characters and must be unique within a domain.