9780136485452

Microsoft Azure Sentinel Planning and implementing Microsofts cloud-native SIEM solution

by ; ;
  • ISBN13:

    9780136485452

  • ISBN10:

    0136485456

  • Edition: 1st
  • Format: Paperback
  • Copyright: 2020-03-11
  • Publisher: Microsoft Press
  • Purchase Benefits
  • Free Shipping On Orders Over $35!
    Your order must be $35 or more to qualify for free economy shipping. Bulk sales, PO's, Marketplace items, eBooks and apparel do not qualify for this offer.
  • Get Rewarded for Ordering Your Textbooks! Enroll Now
List Price: $39.99 Save up to $2.00
  • Buy New
    $37.99
    Add to Cart Free Shipping

    NOT YET PRINTED. PLACE AN ORDER AND WE WILL SHIP IT AS SOON AS IT ARRIVES.

Supplemental Materials

What is included with this book?

Summary

Microsoft Azure Sentinel

Plan, deploy, and operate Azure Sentinel, Microsoft’s advanced cloud-based SIEM


Microsoft’s cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response — without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of Microsoft’s leading experts review all it can do, and guide you step-by-step through planning, deployment, and daily operations. Leveraging in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion, rule development to incident management… even proactive threat hunting to disrupt attacks before you’re exploited.


Three of Microsoft’s leading security operations experts show how to:

• Use Azure Sentinel to respond to today’s fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture

• Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures

• Explore Azure Sentinel components, architecture, design considerations, and initial configuration

• Ingest alert log data from services and endpoints you need to monitor

• Build and validate rules to analyze ingested data and create cases for investigation

• Prevent alert fatigue by projecting how many incidents each rule will generate

• Help Security Operation Centers (SOCs) seamlessly manage each incident’s lifecycle

• Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you’re exploited

• Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis

• Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)

• Save resources by automating responses to low-level events

• Create visualizations to spot trends, identify or clarify relationships, and speed decisions

• Integrate with partners and other third-parties, including Fortinet, AWS, and Palo Alto  

Author Biography

Yuri Diogenes, Senior Program Manager at Microsoft C+AI Security CxE Team with focus on Azure Security Center and Azure Sentinel. Also a Professor at EC-Council University’s MS and BS-level Cybersecurity programs. He holds an MS in Cybersecurity Intelligence & Forensics from Utica College.

 

Nicolas DiCola, an IT Security Jedi, is a Principal PM Manager at Microsoft C+AI Security CxE Team. He works on Azure Security Center, Azure Sentinel, and Azure Network Security.  He is also a 20 year Reservist in the US Marine Corps working on Cyber Security.

 

Jonathan Trull, a longtime security practitioner and CISO, is Microsoft’s Global Director of Cybersecurity Solution Strategy for the Cybersecurity Solutions Group.  In addition to his work at Microsoft, he serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, Center for Internet Security, and IANS.


Table of Contents

Chapter 1 — Security Challenges for SecOps
• Current Threat Landscape
• Security Challenges for SecOps
• Threat Intelligence
• Cloud-native SIEM
Chapter 2 — Azure Sentinel 
• Architecture
• Adoption Considerations
• Configuring Workspace
• Data Ingestion
• Ingesting data from Microsoft solutions
Chapter 3 — Analytics 
• Understanding Analytics
• Creating Analytics
• Validating Analytics
Chapter 4 — Incident Management
• Understanding Incidents
• Incident management
• Investigation
Chapter 5 — Hunting 
• Introduction to Threat Hunting
• Hunting threats in Azure Sentinel
• Creating New Queries
Chapter 6 — Notebooks
• Understanding Jupyter Notebooks
• Leveraging Community Notebooks
• Analyzing data with Notebooks
Chapter 7 — Automation with Playbooks 
• Azure Sentinel SOAR capabilities
• Understanding Playbooks
• Creating Playbooks
• Linking playbooks to analytics
Chapter 8 — Data Visualization
• Azure Sentinel Dashboards
• Installing Dashboards
• Using Dashboards
Chapter 9 — Integrating with Partners 
• Connecting with Fortinet
• Connecting with AWS 
• Connecting with Palo Alto

Rewards Program

Write a Review