For our January 2020 Mississippi PowerShell User Group virtual meeting, Josh King will be presenting “Azure Sentinel for PowerShell Scripters” on Tuesday, January 14th at 7:30 pm Mountain Time.
Azure Sentinel is Microsoft’s new cloud-based and machine-learning-enabled Security Information and Event Management (SIEM) service. You don’t have to work in a SOC to make use of this new tool, however. Let’s take a look from a high level at what Azure Sentinel is, and then pivot to see how PowerShell scripters can make use of it for their own use cases. First, we’ll see how we can send arbitrary data through to the service. Then, we’ll take that a step further and look at how we can log our own PowerShell activity. Finally, we’ll wrap up by looking at what our options are for taking action on the data we’re sending to Azure Sentinel.
Geek, Father, Walking Helpdesk. Josh King is a Microsoft MVP (Cloud and Datacenter Management) and an MSOC Systems Administrator at Tribe in Hawke’s Bay, New Zealand. The bulk of his time is spent in Windows and VMware environments. Josh has a passion for PowerShell and automation.
The Mississippi PowerShell User Group Meetings are typically held online (via Skype for Business) on the second Tuesday of each month at 7:30 pm Mountain Time and are free to attend.
The system requirements to attend these online meetings can be found on the MSPSUG website under the “Attendee Info” section.