SIEM Tutorial for Beginners | Azure Sentinel Tutorial MAP with LIVE CYBER ATTACKS!
Description:
In this video, I set up Azure Sentinel (SIEM) and connect it to a live virtual machine acting as a honeypot. We will observe live attacks (RDP brute force) from all around the world. We will use a custom PowerShell script to look up the attackers' geolocation information and plot it on the Azure Sentinel map! LEARN THIS IN DEPTH AND PUT THIS ON YOUR RESUME!

🙇♂️ - Patreon - 🙇♂️
▶ https://www.patreon.com/joshmadakor - Any support greatly appreciated!!

▶ PowerShell Script for the Lab: https://github.com/joshmadakor1/Sentinel-Lab/blob/main/Custom_Security_Log_Exporter.ps1
▶ Azure Trial: https://azure.microsoft.com/en-us/free/
▶ Sentinel Map Query (KQL):
    FAILED_RDP_WITH_GEO_CL
    | summarize event_count=count() by sourcehost_CF, latitude_CF, longitude_CF, country_CF, label_CF, destinationhost_CF
    | where destinationhost_CF != "samplehost"
    | where sourcehost_CF != ""

⌨️ - Coding - ⌨️
▶ My favorite coding tutorials (CodeWithMosh): https://bit.ly/338kfD6

📄 - Sample Resumes - 📄
▶ Vulnerability Management: https://docs.google.com/document/d/1QFcFM2IyvbDU5dTkT-8HeE3OO7Bml-4a6U9XskZJQ5Q/edit?usp=sharing
▶ Software Engineering: https://bit.ly/3hm4lLe
▶ Cybersecurity: https://bit.ly/2M463Fq
▶ Information Technology: https://bit.ly/3huhLFa

⭐️ - Social Media - ⭐️
▶ Instagram: https://www.instagram.com/joshmadakor/
▶ LinkedIn: https://www.linkedin.com/in/joshmadakor/
▶ Patreon: https://www.patreon.com/joshmadakor
▶ Twitter: https://twitter.com/joshmadakor
▶ Facebook: https://www.facebook.com/josh.madakor

🎥 - Equipment - 🎥
▶ Camera (Sony a6600): https://amzn.to/33HVvSv
▶ Mic (Blue Yeti): https://amzn.to/2HoZ3kw
▶ Capture Card (Camera to PC): https://amzn.to/36YmuKm
▶ Chair (AKRacing): https://amzn.to/39P8PZ1
▶ Lighting (Lamp): https://amzn.to/3fpVGWZ

Timestamps:
0:00 Intro
2:01 Preview of technical steps
4:48 Create Azure subscription
5:10 Create virtual machine
6:35 Allow all in firewall
7:40 Create Log Analytics Workspace
8:35 Enable gathering VM logs in Security Center
9:10 Connect Log Analytics to VM
9:40 Set up Azure Sentinel
10:15 Log into VM with Remote Desktop (fail 1 logon)
11:45 Observe Event Viewer logs in VM
14:55 Turn off Windows Firewall on VM
16:20 Download PowerShell script
17:25 Get Geolocation.io API key
18:05 Run script to get geo data from attackers
21:20 Create custom log in LAW to bring in our custom log
24:25 Create custom fields / extract fields from raw custom log data
34:05 Testing extracts
35:50 Set up map in Sentinel with latitude and longitude (or country)
43:37 Fixing map plot sizes
44:23 China begins attacking
45:15 Taiwan joins the attack
46:13 Philippines joins the attack
47:00 Russia and the rest of the world join in on the attack
48:50 Final check on map
49:55 Final thoughts and takeaways
52:10 Outro

DISCLAIMER: This video description has some affiliate links and I may receive a small commission. I only share stuff that I use and believe in. Thanks so much for your support 🥺
YouTube url:
https://youtu.be/RoZeVbbZ0o0
Created:
27. 7. 2022 02:31:04