Microsoft Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd Edition

Book description

Build next-generation security operations with Microsoft Sentinel

Microsoft Sentinel is the scalable, cloud-native security information and event management (SIEM) solution for automating and streamlining threat identification and response across your enterprise. Now, three leading experts guide you step by step through planning, deployment, and operations, helping you use Microsoft Sentinel to escape the complexity and scalability challenges of traditional solutions. Fully updated for the latest enhancements, this edition introduces new use cases for investigation, hunting, automation, and orchestration across your enterprise and all your clouds. The authors clearly introduce each service, concisely explain all new concepts, and present proven best practices for maximizing Microsoft Sentinel's value throughout security operations.

Three of Microsoft's leading security operations experts show how to:

  • Review emerging challenges that make better cyberdefense an urgent priority

  • See how Microsoft Sentinel responds by unifying alert detection, threat visibility, proactive hunting, and threat response

  • Explore components, architecture, design, and initial configuration

  • Ingest alerts and raw logs from all sources you need to monitor

  • Define and validate rules that prevent alert fatigue

  • Use threat intelligence, machine learning, and automation to triage issues and focus on high-value tasks

  • Add context with User and Entity Behavior Analytics (UEBA) and Watchlists

  • Hunt sophisticated new threats to disrupt cyber kill chains before you're exploited

  • Enrich incident management and threat hunting with Jupyter notebooks

  • Use Playbooks to automate more incident handling and investigation tasks

  • Create visualizations to spot trends, clarify relationships, and speed decisions

  • Simplify integration with point-and-click data connectors that provide normalization, detection rules, queries, and Workbooks

About This Book

  • For cybersecurity analysts, security administrators, threat hunters, support professionals, engineers, and other IT professionals concerned with security operations

  • For both Microsoft Azure and non-Azure users at all levels of experience

Table of contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Pearson’s Commitment to Diversity, Equity, and Inclusion
  5. Figure Credits
  6. Contents at a Glance
  7. Contents
  8. Foreword
  9. Acknowledgments
  10. About the authors
  11. Introduction
    1. Who is this book for?
    2. System requirements
    3. Errata, updates & book support
    4. Stay in touch
  12. Chapter 1. Security challenges for SecOps
    1. Current threat landscape
    2. Security Challenges for SecOps
    3. Threat intelligence
    4. Introducing Microsoft Sentinel
  13. Chapter 2. Introduction to Microsoft Sentinel
    1. Architecture
    2. Enabling Microsoft Sentinel
    3. Ingesting data from Microsoft solutions
    4. Accessing ingested data
  14. Chapter 3. Analytics
    1. Why use analytics for security?
    2. Understanding analytic rules
    3. Creating analytic rules
    4. Validating analytic rules
  15. Chapter 4. Incident management
    1. Understanding Microsoft Sentinel incidents
    2. Exploring and configuring the Incidents view
    3. Guides and feedback
    4. Triaging incidents
    5. Searching for specific incidents
    6. Incident details
    7. Teams integration
    8. Graphical investigation
  16. Chapter 5. Hunting
    1. Understanding threat hunting
    2. Threat hunting in Microsoft Sentinel
    3. Livestream
    4. Understanding cyberthreat intelligence
    5. Threat intelligence in Microsoft Sentinel
  17. Chapter 6. Notebooks
    1. Understanding Microsoft Sentinel Notebooks
    2. Configuring an AML workspace and compute
    3. Configuration steps to interact with your Microsoft Sentinel workspace
    4. The MSTICpy library
    5. Hunting and enrichment examples
  18. Chapter 7. Automating response
    1. The importance of SOAR
    2. Creating an automation rule
    3. Advanced automation with Playbooks
    4. Post-incident automation
  19. Chapter 8. Data visualization
    1. Microsoft Sentinel Workbooks
    2. Creating custom Workbooks
    3. Creating visualizations in Power BI and Excel
  20. Chapter 9. Data connectors
    1. Understanding data connectors
    2. Ingestion methods
    3. The Codeless Connector Platform
    4. Preparing for a new data connector
    5. Enabling and configuring a data connector
    6. Understanding the Amazon Web Services S3 connector
    7. Data connector health monitoring
    8. The Content Hub
  21. Appendix A. Introduction to Kusto Query Language
    1. The KQL query structure
    2. Data types
    3. Getting, limiting, sorting, and filtering data
    4. Summarizing data
    5. Adding and removing columns
    6. Joining tables
    7. Evaluate
    8. Let statements
    9. Suggested learning resources
  22. Appendix B. Microsoft Sentinel for managed security service providers
    1. Accessing the customer environment
    2. Cross-workspace features
    3. Security content management
  23. Index
  24. Code Snippets

Product information

  • Title: Microsoft Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd Edition
  • Author(s): Nicholas DiCola, Yuri Diogenes, Tiander Turpijn
  • Release date: August 2022
  • Publisher(s): Microsoft Press
  • ISBN: 9780137900923