Book description
Microsoft Azure Sentinel
Plan, deploy, and operate Azure Sentinel, Microsoft’s advanced cloud-based SIEM
Microsoft’s cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response — without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of Microsoft’s leading experts review all it can do, and guide you step-by-step through planning, deployment, and daily operations. Leveraging in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion, rule development to incident management… even proactive threat hunting to disrupt attacks before you’re exploited.
Three of Microsoft’s leading security operations experts show how to:
• Use Azure Sentinel to respond to today’s fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture
• Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures
• Explore Azure Sentinel components, architecture, design considerations, and initial configuration
• Ingest alert log data from services and endpoints you need to monitor
• Build and validate rules to analyze ingested data and create cases for investigation
• Prevent alert fatigue by projecting how many incidents each rule will generate
• Help Security Operation Centers (SOCs) seamlessly manage each incident’s lifecycle
• Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you’re exploited
• Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis
• Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)
• Save resources by automating responses to low-level events
• Create visualizations to spot trends, identify or clarify relationships, and speed decisions
• Integrate with partners and other third-parties, including Fortinet, AWS, and Palo Alto
Table of contents
- Cover Page
- Title Page
- Copyright Page
- Acknowledgments
- Contents at a glance
- Contents
- About the Author
- Foreword
- Introduction
- Who is this book for?
- Errata, updates & book support
- Stay in touch
- Chapter 1. Security challenges for SecOps
- Chapter 2. Introduction to Azure Sentinel
- Chapter 3. Analytics
- Chapter 4. Incident management
- Chapter 5. Threat hunting
- Chapter 6. Jupyter Notebooks
- Chapter 7. Automation with Playbooks
- Chapter 8. Data visualization
- Chapter 9. Integrating with partners
- Appendix A. Introduction to Kusto Query Language
- Index
- Credit
- Code Snippets
Product information
- Title: Microsoft Azure Sentinel: Planning and implementing Microsoft s cloud-native SIEM solution
- Author(s):
- Release date: March 2020
- Publisher(s): Microsoft Press
- ISBN: 9780136485506
You might also like
book
Microsoft Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd Edition
Build next-generation security operations with Microsoft Sentinel Microsoft Sentinel is the scalable, cloud-native, security information and …
book
Microsoft Azure Security Center, 3rd Edition
The definitive practical guide to Azure Security Center, 50%+ rewritten for new features, capabilities, and threats …
book
Microsoft Azure Network Security
Master a complete strategy for protecting any Azure cloud network environment! Network security is crucial to …
book
Cyber Security on Azure: An IT Professional’s Guide to Microsoft Azure Security
Prevent destructive attacks to your Azure public cloud infrastructure, remove vulnerabilities, and instantly report cloud security …