Register your product to gain access to bonus material or receive a coupon.
Microsoft Azure Sentinel: Planning and implementing Microsoft s cloud-native SIEM solution
- By Yuri Diogenes, Nicholas DiCola, Jonathan Trull
- Published Mar 17, 2020 by Microsoft Press. Part of the IT Best Practices - Microsoft Press series.
Best Value Purchase
Book + eBook Bundle
- Your Price: $43.19
- List Price: $71.98
- Includes EPUB, MOBI, and PDF
- About eBook Formats
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB
The open industry format known for its reflowable content and usability on supported mobile devices.
MOBI
The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.
PDF
The popular standard, used most often with the free Adobe® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
More Purchase Options
eBook (Watermarked)
- Your Price: $25.59
- List Price: $31.99
- Includes EPUB, MOBI, and PDF
- About eBook Formats
This eBook includes the following formats, accessible from your Account page after purchase:
EPUB
The open industry format known for its reflowable content and usability on supported mobile devices.
MOBI
The eBook format compatible with the Amazon Kindle and Amazon Kindle applications.
PDF
The popular standard, used most often with the free Adobe® Reader® software.
This eBook requires no passwords or activation to read. We customize your eBook by discreetly watermarking it with your name, making it uniquely yours.
About
Features
- By Microsoft experts with unsurpassed in-the-trenches experience developing Azure Sentinel and helping customers use it to secure their organizations
- Thoroughly reviews today’s quickly evolving cybersecurity environment, explores the threat landscape, and demonstrates how Azure Sentinel can help
- Guides you through all facets of planning and adoption, from data ingestion to analytics and beyond
- Covers case management, investigation, threat hunting, Jupyter Notebooks, Playbook automation, SOAR support, data visualization, and much more
Description
- Copyright 2020
- Dimensions: 7-3/8" x 9-1/8"
- Pages: 208
- Edition: 1st
- Book
- ISBN-10: 0-13-648545-6
- ISBN-13: 978-0-13-648545-2
Microsoft Azure Sentinel
Plan, deploy, and operate Azure Sentinel, Microsoft’s advanced cloud-based SIEM
Microsoft’s cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response – without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of Microsoft’s leading experts review all it can do, and guide you step by step through planning, deployment, and daily operations. Leveraging in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion, rule development to incident management… even proactive threat hunting to disrupt attacks before you’re exploited.
Three of Microsoft’s leading security operations experts show how to:
• Use Azure Sentinel to respond to today’s fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture
• Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures
• Explore Azure Sentinel components, architecture, design considerations, and initial configuration
• Ingest alert log data from services and endpoints you need to monitor
• Build and validate rules to analyze ingested data and create cases for investigation
• Prevent alert fatigue by projecting how many incidents each rule will generate
• Help Security Operation Centers (SOCs) seamlessly manage each incident’s lifecycle
• Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you’re exploited
• Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis
• Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)
• Save resources by automating responses to low-level events
• Create visualizations to spot trends, identify or clarify relationships, and speed decisions
• Integrate with partners and other third-parties, including Fortinet, AWS, and Palo Alto
Sample Content
Sample Pages
Download the sample pages (includes Chapter 2)
Table of Contents
Chapter 1 – Security Challenges for SecOps• Current Threat Landscape• Security Challenges for SecOps• Threat Intelligence• Cloud-native SIEMChapter 2 – Introduction to Azure Sentinel • Architecture• Adoption Considerations• Enabling Azure Sentinel• Data Ingestion• Accessing ingested dataChapter 3 – Analytics •Why Use Analytics for Security?• Understanding Analytic Rules• Creating Analytic Rules
• Validating Analytic Rules
Chapter 4 – Incident Management• Introduction to Incident Management• Security Incident in Azure Sentinel• Investigating an IncidentChapter 5 – Threat Hunting • Introduction to Threat Hunting• Hunting threats in Azure Sentinel• Creating New Hunting Queries and BookmarksChapter 6 – Jupyter Notebooks• Introduction• Azure Notebooks and Azure Sentinel• Connecting to Azure Sentinel• Notebooks for Hunting and InvestigationChapter 7 – Automation with Playbooks • The Importance of SOAR• Real-time Automation• Post-incident AutomationChapter 8 – Data Visualization• Azure Sentinel Workbooks• Using Built-in Workbooks• Creating Custom Workbooks• Creating Visualization in PowerBI and Excel• Creating Visualization in PowerBIChapter 9 – Integrating with Partners • Connecting with Fortinet• Connecting with Amazon Web Services (AWS)• Connecting with Palo AltoAppendix A – Introduction to Kusto Query Language
