Check out the documentation, code samples, videos, webinars, tutorials, and guides to help you get started building your submissions! Remember to build content (workbooks, analytics, and more) for Azure Sentinel or extend Azure Sentinel capabilities via APIs, and feel free to mix and match different types of content and data sources to deliver richer end-to-end experiences. Be creative!
Step 1. First, create and configure an Azure Sentinel workspace, if you have not done so already.
- Go to https://aka.ms/AzureSentinel - Get set up with your Azure free account
- Go to the Azure Sentinel dashboard in the Azure portal
- Explore the documentation and quickstarts (Step 2.a. below helps with not only ingesting data sets but also deploying Azure Sentinel and configuring onboarding options in the deployment template. Read up on this option before going ahead with setting up Azure Sentinel from scratch.)
- Next, onboard to Azure Sentinel; the onboarding quickstart is your key here.
Step 2. Then, start setting up data so that you can try out different use cases in Azure Sentinel and get ideas for your submission. There are multiple options here; all of them are optional, and you can choose one or many depending on the variety of data you wish to explore.
a. Azure-Sentinel2Go expedites the deployment of an Azure Sentinel lab along with other Azure resources and a data ingestion pipeline to consume pre-recorded datasets for Microsoft products for research purposes. This ingests pre-recorded datasets from the Mordor project right at deployment time.
b. Ingest sample data from some non-Microsoft security products without having access to those products. This uses the Azure Sentinel custom log ingest tool, which ingests these data sets into an Azure Log Analytics workspace as custom logs. You can also use the tool to bring your own data into Azure Sentinel as custom logs. Go through the steps in the ingest tool readme for this.
c. Connect different types of Microsoft as well as non-Microsoft data by following the steps in the documentation. To enable this for Microsoft data sources, you can leverage one or more of the following free trials to get started:
- Get access to Azure services with a free 12-month subscription and a $200 credit (Step 1), which includes a free trial of Azure Security Center (Standard)
- Get access to Enterprise Mobility and Security E5 90-day free trial for access to Cloud Application Security (CAS), Azure Active Directory Information Protection (AADIP), Azure Information Protection (AIP), Intune and other products depending on your scenario
- Get access to Windows Defender Advanced Threat Protection 60-day free trial, depending on your scenario
- Get the Azure Active Directory Premium subscription for up to 100 licenses for a month
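Step 2.b above brings third-party logs into a Log Analytics workspace as custom logs. The script below is an added example, not the page's custom log ingest tool and not Microsoft code: it builds and verifies the signed request that the Azure Monitor HTTP Data Collector API expects for a batch of custom-log records (POST to `https://<workspace-id>.ods.opinsights.azure.com/api/logs`, HMAC-SHA256 over a fixed string-to-sign keyed with the workspace shared key, `Log-Type` naming the resulting `_CL` table). The workspace id, the shared key and the two `ExampleFirewall` records are constructed placeholders, and the function names (`build_request`, `verify_signature`, `post_records`) are this example's own. The shared key authorizes writes to the workspace, so the script reads it from an environment variable rather than embedding it, and only sends when one is set.

```python
"""Signed custom-log upload to Log Analytics via the HTTP Data Collector API.

Added example (not the hackathon ingest tool's code). Assumes the documented
Data Collector API: POST /api/logs?api-version=2016-04-01, Authorization
"SharedKey <workspace-id>:<base64 HMAC-SHA256>", x-ms-date in RFC 1123 form.
"""
import base64
import hashlib
import hmac
import json
import re
from datetime import datetime, timezone

API_PATH = "/api/logs"
API_VERSION = "2016-04-01"
CONTENT_TYPE = "application/json"

# Constructed placeholder key (the real one is the workspace "primary key").
PLACEHOLDER_KEY_B64 = base64.b64encode(b"placeholder-shared-key").decode("ascii")

# Constructed sample events; not output of any real product.
SAMPLE_RECORDS = [
    {"TimeGenerated": "2020-06-01T12:00:00Z", "SourceIP": "10.1.2.3", "Action": "blocked"},
    {"TimeGenerated": "2020-06-01T12:00:05Z", "SourceIP": "10.1.2.4", "Action": "allowed"},
]

# Log-Type becomes the custom table name (suffixed _CL); letters, digits and
# underscore only, so reject anything else before it reaches the service.
LOG_TYPE_RE = re.compile(r"^[A-Za-z0-9_]{1,100}$")


def rfc1123_now() -> str:
    """Current UTC time in the RFC 1123 form the x-ms-date header requires."""
    return datetime.now(timezone.utc).strftime("%a, %d %b %Y %H:%M:%S GMT")


def string_to_sign(content_length: int, rfc1123_date: str) -> str:
    """Exact newline-separated layout the API signs: method, body length,
    content type, the x-ms-date header, and the resource path."""
    return f"POST\n{content_length}\n{CONTENT_TYPE}\nx-ms-date:{rfc1123_date}\n{API_PATH}"


def build_signature(shared_key_b64: str, content_length: int, rfc1123_date: str) -> str:
    """Base64 HMAC-SHA256 of the string-to-sign, keyed with the decoded shared key."""
    key = base64.b64decode(shared_key_b64)
    msg = string_to_sign(content_length, rfc1123_date).encode("utf-8")
    return base64.b64encode(hmac.new(key, msg, hashlib.sha256).digest()).decode("ascii")


def build_request(workspace_id, shared_key_b64, log_type, records,
                  rfc1123_date=None, time_field=None):
    """Return (url, headers, body) for one batch of records, ready to POST."""
    if not LOG_TYPE_RE.match(log_type):
        raise ValueError(f"invalid Log-Type {log_type!r}: use letters, digits, underscore")
    body = json.dumps(records, separators=(",", ":")).encode("utf-8")
    date = rfc1123_date or rfc1123_now()
    headers = {
        "Content-Type": CONTENT_TYPE,
        "Authorization": f"SharedKey {workspace_id}:{build_signature(shared_key_b64, len(body), date)}",
        "Log-Type": log_type,
        "x-ms-date": date,
    }
    if time_field:  # which record field Log Analytics should use as TimeGenerated
        headers["time-generated-field"] = time_field
    url = f"https://{workspace_id}.ods.opinsights.azure.com{API_PATH}?api-version={API_VERSION}"
    return url, headers, body


def verify_signature(shared_key_b64, headers, body) -> bool:
    """Recompute the signature from the headers and body; a pre-flight check that
    the body was not altered after signing (the service rejects mismatches with 403)."""
    expected = build_signature(shared_key_b64, len(body), headers["x-ms-date"])
    presented = headers["Authorization"].split(":", 1)[1]
    return hmac.compare_digest(expected, presented)


def post_records(url, headers, body) -> int:
    """Send the batch and return the HTTP status (200 means accepted)."""
    import urllib.request
    req = urllib.request.Request(url, data=body, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.status


if __name__ == "__main__":
    import os
    workspace = os.environ.get("WORKSPACE_ID", "00000000-0000-0000-0000-000000000000")
    key = os.environ.get("WORKSPACE_KEY", PLACEHOLDER_KEY_B64)
    url, hdrs, payload = build_request(workspace, key, "ExampleFirewall", SAMPLE_RECORDS,
                                       time_field="TimeGenerated")
    print(url)
    print({k: v for k, v in hdrs.items() if k != "Authorization"})
    print("signature verifies:", verify_signature(key, hdrs, payload))
    if os.environ.get("WORKSPACE_KEY"):  # only hit the service with a real key
        print("status:", post_records(url, hdrs, payload))
```

The records land in a table named `ExampleFirewall_CL`, with each JSON field becoming a suffixed column (for example `SourceIP_s`), which is what your Kusto queries and analytics rules then read.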
- Azure Sentinel documentation – Learn about Azure Sentinel product and use cases
- Azure Sentinel contribution/content development guidelines – Capture links to the different content/contribution types, how they fit into Azure Sentinel use cases, how to develop them, and the relevant product documentation. These also include links to helpful resources such as the Kusto Query Language guide, which can help with creating different types of queries in Azure Sentinel.
- Azure Sentinel level 400 training – Summarizes videos and webinars that can get you ramped up on Azure Sentinel and covers different Azure Sentinel use cases in depth. These range from content development on Azure Sentinel all the way to extending and integrating with Azure Sentinel.
- Azure Sentinel GitHub repository – Covers lots of use cases and examples of content contributions from the Azure Sentinel Community
- Azure Sentinel Threat Hunters publications and tools – Covers examples of integrating and extending Azure Sentinel
- Refer to the following for a few examples of end-to-end solutions that unlock the potential of Azure Sentinel and drive enterprise value. You can discover more examples by reviewing content and solutions in the Azure Sentinel GitHub repository and blogs.
- Monitoring Zoom with Azure Sentinel (example of end-to-end content integration)
- SOC Prime Sigma integration (example of API integration – part 2 of the 3-blog series covers API integration aspects)
- Azure Sentinel2Go lab with pre-recorded data (example of a tool that enables easier onboarding to Azure Sentinel)
- Join in the Azure Sentinel Tech Community conversations
- Post a question in the Discussions forum if you need help!
- We’ll organize a couple of online office hours sessions to help answer any questions or to connect on the Hackathon in general. Tune in for further updates on this.
Find a team
No one is an expert at everything, so you may want to consider looking for a teammate to help you iron out the kinks and fill in the blanks of your submission. We’ve got a few tips for finding a teammate in case you need them.
Use the competition Participants page to connect
In our experience, it’s more fun to code with a friend. On the Participants tab, you can:
- Look for teammates by introducing yourself to the community. Mention any ideas you have and what kind of teammates you’re looking for.
- Sort participants by the number of projects and followers they have or by registration date.
- Search participants by name, skills, and portfolio info.
- Reach out to potential teammates and get to know each other.
- Collaborate on something amazing!