Microsoft Azure Sentinel: Planning and Implementing Microsoft's Cloud-Native SIEM Solution

by Yuri Diogenes; Nicolas DiCola; Jonathan Trull
Edition: 1st
Format: Paperback
Pub. Date: 2020-03-17
Publisher(s): Microsoft Press
List Price: $39.99


Summary

Azure Sentinel is Microsoft's new cloud-native SIEM and SOAR. It provides intelligent security analytics for the entire enterprise at cloud scale, combining security analytics with threat intelligence to analyze data across disparate data sources and deliver a single solution for alert detection, threat visibility, proactive hunting, and threat response.

This book guides you through the planning considerations and the deployment phase, and explains how to use Azure Sentinel in your SOC (Security Operations Center) for investigation and threat hunting. It describes the problem domain that needs to be solved, explains how Azure Sentinel addresses that problem, and then covers the planning phase of the project and the deployment of Azure Sentinel.

Author Biography

Yuri Diogenes is a Senior Program Manager on the Microsoft C+AI Security CxE Team, focusing on Azure Security Center and Azure Sentinel. He is also a professor in EC-Council University's MS- and BS-level cybersecurity programs. He holds an MS in Cybersecurity Intelligence & Forensics from Utica College.

Nicolas DiCola, an IT Security Jedi, is a Principal PM Manager on the Microsoft C+AI Security CxE Team. He works on Azure Security Center, Azure Sentinel, and Azure Network Security. He is also a 20-year Reservist in the US Marine Corps working on cybersecurity.

Jonathan Trull, a longtime security practitioner and CISO, is Microsoft's Global Director of Cybersecurity Solution Strategy for the Cybersecurity Solutions Group. In addition to his work at Microsoft, he serves as an advisor to several security startups and venture capital firms and supports the broader security community through his work with the Cloud Security Alliance, the Center for Internet Security, and IANS.

Table of Contents

Chapter 1 — Security Challenges for SecOps
• Current Threat Landscape
• Security Challenges for SecOps
• Threat Intelligence
• Cloud-native SIEM
Chapter 2 — Azure Sentinel 
• Architecture
• Adoption Considerations
• Configuring Workspace
• Data Ingestion
• Ingesting data from Microsoft solutions
Chapter 3 — Analytics 
• Understanding Analytics
• Creating Analytics
• Validating Analytics
Chapter 4 — Incident Management
• Understanding Incidents
• Incident Management
• Investigation
Chapter 5 — Hunting 
• Introduction to Threat Hunting
• Hunting threats in Azure Sentinel
• Creating New Queries
Chapter 6 — Notebooks
• Understanding Jupyter Notebooks
• Leveraging Community Notebooks
• Analyzing data with Notebooks
Chapter 7 — Automation with Playbooks 
• Azure Sentinel SOAR capabilities
• Understanding Playbooks
• Creating Playbooks
• Linking playbooks to analytics
Chapter 8 — Data Visualization
• Azure Sentinel Dashboards
• Installing Dashboards
• Using Dashboards
Chapter 9 — Integrating with Partners 
• Connecting with Fortinet
• Connecting with AWS 
• Connecting with Palo Alto
