Skip to main content

Microsoft launches its cloud-based SIEM

(Image credit: Image Credit: Wright Studio / Shutterstock)

Azure Sentinel, Microsoft's security information and event management solution (SIEM), has officially left public preview and is now a fully-fledged Azure service, the company confirmed earlier this week.

The Sentinel's task is to monitor thousands of threat indicators and help security experts spot real threats in a sea of fake positives. They track data from the operating system, applications, antivirus software, database and server logs, and analyse them in search of anomalies or signs of a breach.

With organisations using different services across multiple clouds providers, this task becomes even more challenging. With Azure Sentinel, organisations running Azure-first infrastructure get a new layer of security, especially because of its deep integration with other Microsoft services, such as Office 365 or similar.

Organisations can also import third-party data from many software solutions, and will handle custom data streams as well, as long as they're in the Common Event Format (CEF).

Azure Sentinel was first announced a few months ago, when Microsoft launched the SIEM into a public preview. Back then, Microsoft claimed its main goal was to employ machine learning and artificial intelligence to analyse data and adapt to new threats.

There are multiple payment models available. For the pay-as-you-go model, organisations will have to shell out $2.46 per gigabyte of analysed data. For other pricing models, make sure to visit this link.