An Approach to Managing and Handling Events and Incidents Using Microsoft Sentinel
Keywords: Information security, Events and Incidents, SIEM, Microsoft Sentinel
Abstract
This study aimed to analyze how Microsoft Sentinel can help companies manage and automatically handle security events and incidents. To that end, a case study methodology was used, following the post-implementation use of a Security Information and Event Management (SIEM) system in a company. The main focus of the research is to highlight the benefits that the cloud-native tool Microsoft Sentinel can offer to improve the security of an organization's information. Accordingly, the resources available in Sentinel are analyzed, such as artificial intelligence and machine learning, which allow threats to be detected and prevented in real time and enable a faster response to possible security incidents. At the end of the research, it was possible to form an overview of the benefits of Microsoft Sentinel for corporate information security and an understanding of its use in a corporate environment. The main contribution was the opportunity to work with Microsoft Sentinel in a corporate environment with a large volume of data, which can help in implementing security solutions in other organizations.