Blue Team

CRTH02 Enhancing Security Posture: Best Practices of Microsoft Sentinel Threat Intelligence

11/21/2024

8:00am - 9:15am

Level: Introductory

Marcos Nogueira

Chief Technology Officer

vCISO

As the cybersecurity landscape is constantly evolving, it is important for organizations to stay ahead of adversaries by utilizing the power of threat intelligence. Microsoft Sentinel is a cloud-native SIEM (Security Information and Event Management) that provides strong capabilities for analyzing, ingesting, and acting upon threat intelligence data. In this session, we will explore the best practices for leveraging Microsoft Sentinel Threat Intelligence to strengthen your organization's security posture. Participants will learn how to effectively integrate threat intelligence feeds into Sentinel, enabling proactive threat detection and response. From understanding the different types of threat intelligence to leveraging threat indicators such as IOCs (Indicators of Compromise) and TTPs (Tactics, Techniques, and Procedures), attendees will gain actionable insights on optimizing Sentinel's capabilities. The session will also delve into practical strategies for enriching security alerts, correlating events with threat intelligence data, and automating incident response workflows. Whether you are a security analyst, SOC (Security Operations Center) engineer, or IT professional, this session will provide valuable guidance for maximizing the effectiveness of Microsoft Sentinel Threat Intelligence in safeguarding your organization's assets and data. Join us to learn how to stay ahead of threats and bolster your defenses with Microsoft Sentinel.

You will learn:

  • About enhancing security posture
  • Best Practices
  • Microsoft Sentinel