Internship

Exploring Cybersecurity Operations with Microsoft Sentinel

Description of assignment

In an era where digital threats have grown more sophisticated and prevalent, the need for strong cybersecurity measures has never been more pressing. Enter Microsoft Sentinel, a cloud-native Security Information and Event Management (SIEM) solution built to serve as a sentinel in the ever-changing cyber threat landscape. Sentinel emerges as a strong tool that enables enterprises to identify, analyse, and respond to security issues with remarkable efficiency.

Microsoft Sentinel’s primary goal is to give enterprises a complete and unified platform for managing their security operations. This is accomplished by consolidating data from several sources, such as security logs, apps, devices, and cloud services, into a single repository. This unified method allows security professionals to acquire comprehensive insights into their organization’s security posture, providing a bird’s-eye perspective of possible threats and weaknesses. By deploying sophisticated analytics, machine learning, and automation, Sentinel assists security teams in identifying aberrant trends, responding quickly to occurrences, and ultimately fortifying their defenses against cyber threats. By leveraging the power of Microsoft’s cloud infrastructure and expertise, Sentinel provides organizations with the tools they need to not only protect but also manage their digital assets.

During this traineeship assignment, you will dive into the world of modern cybersecurity operations by focusing on Microsoft Sentinel, a cloud-native Security Information and Event Management (SIEM) system. Microsoft Sentinel is designed to provide a comprehensive view of an organization’s security posture by aggregating and analysing data from various sources, helping security teams detect, investigate, and respond to threats effectively.

Objectives

  1. Explore an M365 environment with all security features enabled
  2. Investigate security-related data generated by Microsoft 365
  3. Enable data connectors within Microsoft Sentinel and perform normalization and data mapping
  4. Create custom detection rules and playbooks
  5. Perform incident analysis and investigation

Optional extensions

  1. Build an incident response workflow
  2. Create a multi-tenant security reporting dashboard

Project methodology

Project Kickoff

  • Objective Definition: The primary aim of this project is to equip you with the skills needed to create insightful security reports using Microsoft Power BI based on Microsoft 365 security data.

  • Project Scope: The project will cover various aspects of Microsoft 365 security data, visualization techniques, and hands-on experience with Power BI.

  • Resources: You will be provided with access to the necessary tools, resources, and guidance to complete the project successfully.

Understanding Microsoft 365 Security Data

  • Gain insights into the types of security data generated by Microsoft 365 services and their significance in detecting and responding to potential threats.

Setting Up Data Connectors

  • Learn how to configure data connectors within Azure Sentinel to seamlessly collect security logs and events from Microsoft 365 services.

Data Mapping and Normalization

  • Discover the process of mapping and normalizing incoming data to ensure consistency and accuracy in analysis.

Custom Detection Rules

  • Get hands-on experience in creating custom detection rules within Azure Sentinel to identify security incidents and anomalies in Microsoft 365 data.

Threat Intelligence Integration

  • Explore the integration of threat intelligence feeds into Azure Sentinel to enhance detection capabilities and stay ahead of emerging threats.

Creating Playbooks and Automation

  • Learn to develop playbooks that automate response actions in Azure Sentinel. Apply this knowledge to develop playbooks for common Microsoft 365 security scenarios.

Incident Analysis and Investigation

  • Utilize Azure Sentinel’s investigation features to analyze detected incidents and gather evidence from Microsoft 365 data.

Incident Response Workflow

  • Take on the challenge of creating a comprehensive incident response workflow for a simulated Microsoft 365 security incident, leveraging Azure Sentinel’s capabilities.

Reporting and Visualization

  • Master the creation of custom dashboards and reports in Azure Sentinel to visualize insights derived from Microsoft 365 security data.

Documentation and Presentation

  • Document your journey by detailing the data connectors used, custom rules created, incident response workflows developed, and any obstacles you encountered.


School year

2024 - 2025

Contact person

Cindy Van den Hoecke

Internship Supervisor

Kristof Laerenbergh

Orlox focuses on Identity & Access Management, endpoint & messaging security, infrastructure services, and data protection.
  • Identity & Access Management
  • Endpoint & Messaging Security
  • Infrastructure services
  • Data protection
