Cover image for Microsoft Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd Edition

Microsoft Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd Edition

Author Nicholas DiCola , Yuri Diogenes , Tiander Turpijn
Release Date: 2022/08/01
ISBN: 9780137900923
Topic:
0%
33
Chapters
0-1
Hours read
0k
Total Words
    Start Reading Now    
       Add to Wishlist       
View table of contents

Build next-generation security operations with Microsoft Sentinel

Microsoft Sentinel is the scalable, cloud-native, security information and event management (SIEM) solution for automating and streamlining threat identification and response across your enterprise. Now, three leading experts guide you step-by-step through planning, deployment, and operations, helping you use Microsoft Sentinel to escape the complexity and scalability challenges of traditional solutions. Fully updated for the latest enhancements, this edition introduces new use cases for investigation, hunting, automation, and orchestration across your enterprise and all your clouds. The authors clearly introduce each service, concisely explain all new concepts, and present proven best practices for maximizing Microsoft Sentinels value throughout security operations.

Three of Microsofts leading security operations experts show how to:

  • Review emerging challenges that make better cyberdefense an urgent priority

  • See how Microsoft Sentinel responds by unifying alert detection, threat visibility, proactive hunting, and threat response

  • Explore components, architecture, design, and initial configuration

  • Ingest alerts and raw logs from all sources you need to monitor

  • Define and validate rules that prevent alert fatigue

  • Use threat intelligence, machine learning, and automation to triage issues and focus on high-value tasks

  • Add context with User and Entity Behavior Analytics (UEBA) and Watchlists

  • Hunt sophisticated new threats to disrupt cyber kill chains before youre exploited

  • Enrich incident management and threat hunting with Jupyter notebooks

  • Use Playbooks to automate more incident handling and investigation tasks

  • Create visualizations to spot trends, clarify relationships, and speed decisions

  • Simplify integration with point-and-click data connectors that provide normalization, detection rules, queries, and Workbooks

About This Book

  • For cybersecurity analysts, security administrators, threat hunters, support professionals, engineers, and other IT professionals concerned with security operations

  • For both Microsoft Azure and non-Azure users at all levels of experience

Table of Contents

  1. Cover Page
  2. Title Page
  3. Copyright Page
  4. Pearson’s Commitment to Diversity, Equity, and Inclusion
  5. Figure Credits
  6. Contents at a Glance
  7. Contents
  8. Foreword
  9. Acknowledgments
  10. About the authors
  11. Introduction
  12. Chapter 1. Security challenges for SecOps
  13. Chapter 2. Introduction to Microsoft Sentinel
  14. Chapter 3. Analytics
  15. Chapter 4. Incident management
  16. Chapter 5. Hunting
  17. Chapter 6. Notebooks
  18. Chapter 7. Automating response
  19. Chapter 8. Data visualization
  20. Chapter 9. Data connectors
  21. Appendix A. Introduction to Kusto Query Language
  22. Appendix B. Microsoft Sentinel for managed security service providers
  23. Index
  24. Code Snippets
18.119.111.9