This David Papkin page has info about Microsoft Azure SC-5001 course
Introduction to Microsoft Sentinel
Microsoft Sentinel data connectors
Tutorial: Automatically check and record IP address reputation information in incidents
Use a Microsoft Sentinel playbook to stop potentially compromised users
Create a playbook with an incident trigger
Create incident tasks in Microsoft Sentinel using automation rules
SC-5001 Labfiles
Simulations
SC-200 Interactive Simulations(6-22 are Sentinel related)
Create a Microsoft Sentinel workspace
Q What is the difference of SOAR vs azure logical apps?
A SOAR (Security Orchestration, Automation, and Response) and Azure Logic Apps serve different purposes in the realm of automation and orchestration. Here’s a comparison to understand their distinct functionalities and how they might be applied in various contexts:
SOAR (Security Orchestration, Automation, and Response)
Purpose:
- Designed specifically for security operations.
- Automates and orchestrates security workflows.
- Helps in responding to security incidents more effectively.
Key Features:
- Incident Response: Automates responses to security incidents, reducing response times.
- Playbooks: Predefined workflows to handle various types of security events.
- Threat Intelligence Integration: Aggregates and uses threat intelligence data to inform responses.
- Collaboration Tools: Facilitates communication and coordination among security teams.
- Case Management: Tracks incidents and responses, providing a comprehensive overview of security posture.
Benefits:
- Enhanced efficiency and speed in handling security incidents.
- Consistent and repeatable response processes.
- Better utilization of security resources and expertise.
- Improved visibility and tracking of security incidents and actions taken.
Examples of SOAR Solutions:
- Palo Alto Networks Cortex XSOAR
- Splunk Phantom
- IBM Resilient
- Demisto
Azure Logic Apps
Purpose:
- A general-purpose workflow automation service.
- Integrates various services and applications within and outside the Azure ecosystem.
Key Features:
- Workflow Automation: Automates business processes and integrates apps, data, and services.
- Connectors: Offers a wide range of connectors to link various services (e.g., Office 365, Dynamics 365, Salesforce, etc.).
- Triggers and Actions: Workflows are initiated by triggers and can include multiple actions across services.
- No-Code/Low-Code: Designed for ease of use with a visual designer.
- Scalability and Reliability: Built on Azure’s robust infrastructure, ensuring high availability and scalability.
Benefits:
- Simplifies the creation and management of complex workflows.
- Reduces development time with pre-built connectors and templates.
- Provides flexibility to integrate a wide array of services.
- Enhances productivity by automating repetitive tasks.
Use Cases:
- Data processing and transformation.
- Enterprise application integration.
- Automated notifications and alerts.
- Business process automation (e.g., order processing, CRM updates).
Comparison
- Focus:
- SOAR: Security-centric, tailored for security teams and incident response.
- Azure Logic Apps: Broad business and IT process automation, suitable for diverse industries.
- Use Cases:
- SOAR: Incident response, threat intelligence automation, security compliance.
- Azure Logic Apps: General workflow automation, enterprise integration, data processing.
- Complexity and Customization:
- SOAR: Typically more complex, requiring deep integration with security tools and custom playbooks.
- Azure Logic Apps: User-friendly with a visual designer, suitable for non-developers to create workflows.
- Integration:
- SOAR: Integrates primarily with security tools (SIEM, EDR, threat intelligence platforms).
- Azure Logic Apps: Integrates with a broad range of services beyond security, including both Microsoft and third-party applications.
Conclusion
Choosing between SOAR and Azure Logic Apps depends on your specific needs:
- If you require specialized automation for security operations, incident response, and threat management, a SOAR solution is the appropriate choice.
- If you need to automate business processes, integrate diverse applications, and enhance operational efficiency across various domains, Azure Logic Apps is more suitable.
Lab information. Helpful links listed below to assist with any lab issues
End of David Papkin page info about Microsoft AZ-700 course
Helpful Azure learning links
Microsoft Azure Forums The Azure forums are very active. You can search the threads for a
specific area of interest. You can also browse categories like Azure Storage, Pricing
and Billing, Azure Virtual Machines, and Azure Migrate.
Azure Architecture Center Gain access to the Azure Application Architecture Guide,
Azure Reference Architectures, and the Cloud Design Patterns.
Microsoft Learning Community Blog Get the latest information the certification
tests and exam study groups.
https://channel9.msdn.com/ Channel 9 provides a wealth of informational videos, shows, and
events.
Azure Tuesdays With Corey Corey Sanders answers your questions about
Microsoft Azure – Virtual Machines, Web Sites, Mobile Services, Dev/Test etc.
Azure Fridays Join Scott Hanselman as he engages one-on-one with the engineers
who build the services that power Microsoft Azure as they demo capabilities,
answer Scott’s questions, and share their insights.
Microsoft Azure Blog Keep current on what’s happening in Azure, including what’s
now in preview, generally available, news & updates, and more.
End of David Papkin Microsoft Azure SC-5001 page.