Microsoft Azure Sentinel: Planning and implementing Microsofts cloud-native SIEM solution (IT Best Practices – Microsoft Press)
by: Yuri Diogenes ,Nicholas DiCola,et al.
Series: IT Best Practices – Microsoft Press
Print Length 页数: 208 pages
Publisher finelybook 出版社: Microsoft Press; 1 edition (March 21,2020)
Language 语言: English
ISBN-10: 0136485456
ISBN-13: 9780136485452
Book Description
Microsoft’s cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response — without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now,three of Microsoft’s leading experts review all it can do,and guide you step-by-step through planning,deployment,and daily operations. Leveraging in-the-trenches experience supporting early customers,they cover everything from configuration to data ingestion,rule development to incident management… even proactive threat hunting to disrupt attacks before you’re exploited.
Three of Microsoft’s leading security operations experts show how to:
Use Azure Sentinel to respond to today’s fast-evolving cybersecurity environment,and leverage the benefits of its cloud-native architecture
Review threat intelligence essentials: attacker motivations,potential targets,and tactics,techniques,and procedures
Explore Azure Sentinel components,architecture,design considerations,and initial configuration
Ingest alert log data from services and endpoints you need to monitor
Build and validate rules to analyze ingested data and create cases for investigation
Prevent alert fatigue by: projecting how many incidents each rule will generate
Help Security Operation Centers (SOCs) seamlessly manage each incident’s lifecycle
Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you’re exploited
Do more with data: use programmable Jupyter notebooks and their libraries for machine learning,visualization,and data analysis
Use Playbooks to perform Security Orchestration,Automation and Response (SOAR)
Save resources by: automating responses to low-level events
Create visualizations to spot trends,identify or clarify relationships,and speed decisions
Integrate with partners and other third-parties,including Fortinet,AWS,and Palo Alto
Chapter 1.Security challenges for SecOps
Chapter 2.Introduction to Azure Sentinel
Chapter 3.Analytics
Chapter 4.Incident management
Chapter 5.Threat hunting
Chapter 6.Jupyter Notebooks
Chapter 7.Automation with Playbooks
Chapter 8.Data visualization
Chapter 9.Integrating with partners
Appendix A.Introduction to Kusto Query Language
