Microsoft Azure Sentinel: Planning and implementing Microsoft s cloud-native SIEM solution

Microsoft Azure Sentinel: Planning and implementing Microsoft s cloud-native SIEM solution

by Yuri Diogenes, Nicholas DiCola, Jonathan Trull
Released March 2020
Publisher(s): Microsoft Press
ISBN: 9780136485506

Read it now on the O’Reilly learning platform with a 10-day free trial.

O’Reilly members get unlimited access to books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Book description

Microsoft Azure Sentinel

Plan, deploy, and operate Azure Sentinel, Microsoft’s advanced cloud-based SIEM

Microsoft’s cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response — without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of Microsoft’s leading experts review all it can do, and guide you step-by-step through planning, deployment, and daily operations. Leveraging in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion, rule development to incident management… even proactive threat hunting to disrupt attacks before you’re exploited.

Three of Microsoft’s leading security operations experts show how to:

• Use Azure Sentinel to respond to today’s fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture

• Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures

• Explore Azure Sentinel components, architecture, design considerations, and initial configuration

• Ingest alert log data from services and endpoints you need to monitor

• Build and validate rules to analyze ingested data and create cases for investigation

• Prevent alert fatigue by projecting how many incidents each rule will generate

• Help Security Operation Centers (SOCs) seamlessly manage each incident’s lifecycle

• Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you’re exploited

• Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis

• Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)

• Save resources by automating responses to low-level events

• Create visualizations to spot trends, identify or clarify relationships, and speed decisions

• Integrate with partners and other third-parties, including Fortinet, AWS, and Palo Alto

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Acknowledgments
  5. Contents at a glance
  6. Contents
  7. About the Author
  8. Foreword
  9. Introduction
  10. Who is this book for?
  11. Errata, updates & book support
  12. Stay in touch
  13. Chapter 1. Security challenges for SecOps
    1. Current threat landscape
    2. Security challenges for SecOps
    3. Threat intelligence
    4. Cloud-native SIEM
  14. Chapter 2. Introduction to Azure Sentinel
    1. Architecture
    2. Adoption considerations
    3. Enabling Azure Sentinel
    4. Data ingestion
    5. Accessing ingested data
  15. Chapter 3. Analytics
    1. Why use analytics for security?
    2. Understanding analytic rules
    3. Creating analytic rules
    4. Validating analytic rules
  16. Chapter 4. Incident management
    1. Introduction to incident management
    2. Security incident in Azure Sentinel
    3. Investigating an incident
  17. Chapter 5. Threat hunting
    1. Introduction to threat hunting
    2. Hunting threats in Azure Sentinel
    3. Creating new hunting queries and bookmarks
  18. Chapter 6. Jupyter Notebooks
    1. Introduction
    2. Azure Notebooks and Azure Sentinel
    3. Connecting to Azure Sentinel
    4. Notebooks for hunting and investigation
    5. Summary
  19. Chapter 7. Automation with Playbooks
    1. The Importance of SOAR
    2. Real-time automation
    3. Post-incident automation
  20. Chapter 8. Data visualization
    1. Azure Sentinel Workbooks
    2. Using built-in Workbooks
    3. Creating custom Workbooks
    4. Creating visualizations in PowerBI and Excel
    5. Creating visualizations in Power BI
  21. Chapter 9. Integrating with partners
    1. Connecting with Fortinet
    2. Connecting with Amazon Web Services (AWS)
    3. Connecting with Palo Alto
  22. Appendix A. Introduction to Kusto Query Language
    1. The KQL query structure
    2. Data types
    3. Getting, limiting, sorting, and filtering data
    4. Summarizing data
    5. Adding and removing columns
    6. Joining tables
    7. Evaluate
    8. Let statements
    9. Suggested learning resources
  23. Index
  24. Credit
  25. Code Snippets

Product information

  • Title: Microsoft Azure Sentinel: Planning and implementing Microsoft s cloud-native SIEM solution
  • Author(s): Yuri Diogenes, Nicholas DiCola, Jonathan Trull
  • Release date: March 2020
  • Publisher(s): Microsoft Press
  • ISBN: 9780136485506