Azure Sentinel And Azure Security Centre

Azure Sentinel is the new tool from the MS Azure shop that gives you a bird's-eye view of your environment. It uses AI to help you with threat detection and response. It allows you to collect, detect, analyse/investigate and respond to events/threats - as one would expect from a next-generation Security Information and Event Management (SIEM) and Security Orchestration, Automation and Response (SOAR) tool. It has a lot of built-in third-party integrations, and as long as your security solutions support the Common Event Format (CEF), those can be integrated as well. I've been informed that O365 data imports will continue to be free. The preview is free and the pricing model is yet to be decided - so one will have to wait for the GA release to find out.

Quite a handy tool for Security Operations (SecOps) teams: they can use both technologies and get a combined view. It also reduces the cost of transferring huge amounts of raw log data from the cloud to on-premises systems for analysis (assuming you have a hybrid cloud or multi-cloud model).

However, something not many would have noticed is that it seems to replicate a bit of the Azure Security Centre (ASC) functionality. When Sentinel goes GA in the near future, some of these duplicated features in Security Centre will be deprecated/removed. Specifically, I'm referring to the security solutions subset of ASC, such as the threat investigation feature. This also raises the question of the ASC pricing model: will the removal/replacement of existing features bring down the cost? More details will become clear once Sentinel goes GA.