Table of Contents for Microsoft Azure Security Center, First Edition
by Yuri Diogenes, Tom Shinder
Cover
Title Page
Copyright Page
Contents
Acknowledgments
About the authors
Foreword
Introduction
Chapter 1 The threat landscape
Understanding cybercrime
Understanding the cyber kill chain
Common threats
Building a security posture
Adopting an assume-breach mentality
Cloud threats and security
Compliance
Risk management
Identity and access management
Operational security
Endpoint protection
Data protection
Azure Security
Host protection
Network protection
Storage protection
Chapter 2 Introduction to Azure Security Center
Understanding Security Center
Security Center architecture
Security Center dashboard
Considerations before adoption
Role-based access control
Security policy
Storage
Recommendations
Incorporating Security Center into your security operations
Onboarding resources
Initial assessment
Chapter 3 Policy management
Legacy Azure Security Center security policy
Next-generation Azure Security Center security policy
The Data Collection blade
The Policy Management blade
The Email Notifications blade
The Pricing Tier blade
Azure Policy
Policy definitions and assignments
Initiative definitions and assignments
Exploring Azure Policy
Customizing your Security Center security policies
Azure Security Center RBAC and permissions
Chapter 4 Mitigating security issues
Compute recommendations
Setting up endpoint protection
Remediate Security Configurations
Networking recommendations
NSGs on subnets not enabled
Restrict access through internet-facing endpoint
Storage and data
Server auditing and threat detection not enabled
Storage encryption not enabled
Applications
Web application firewall not installed
Chapter 5 Using Security Center for incident response
Understanding security alerts
Detection scenarios
Detecting spam activity
Crash-dump analysis
Accessing security alerts
Security incidents
Custom alerts
Investigating a security issue
Responding to a security alert
Creating a playbook
Building the workflow
Executing a playbook
Auditing playbook execution
Chapter 6 Advanced cloud defense
Threat prevention versus threat detection
Methods of threat detection
Atomic detection
Threat-intelligence feeds and integrated security solutions
Behavioral analysis
Anomaly detection
The cyber kill chain and fusion alerts
Application whitelisting: adaptive application controls
Just-in-time VM access
Chapter 7 Security incident and event management (SIEM) integration with Splunk
Integrating SIEM solutions
Splunk integration with Azure Security Center
Confirming accessible logs in Azure Monitor
Configuring the subscription for the Splunk SIEM pipe
Creating and configuring a resource group for the Splunk SIEM pipe
Setting up an Azure AD application to provide an access control identity
Creating an Azure key vault
Copying the app password into Key Vault
Making an event hub
Creating a shared access key for event hub access control
Placing the event hub shared access key in Azure Key Vault
Hooking up the event hub to Azure Monitor
Spinning up the virtual machine that hosts the Splunk enterprise VM
Installing and configuring the Azure Monitor add-on for Splunk
Chapter 8 Monitoring identity and access
Monitoring identity-related activities
Identity posture
Failed logons
Logons over time
Integrating Security Center with Azure Active Directory Identity Protection
Customizing your search
Chapter 9 Using threat intelligence to identify security issues
What is threat intelligence and why use it?
Using threat intelligence reports in Security Center
Using the Threat Intelligence dashboard in Security Center
Hunting security issues in Security Center
Virtual Analyst
Appendix A Using multiple workspaces in Security Center
Creating a new workspace
Moving computers and VMs to a new workspace
Appendix B Customizing your operating system security baseline assessment
General considerations
Customizing operating system configuration
Downloading the JSON file
Editing the JSON file
Uploading the new rule
Index