Introduction

Welcome to Microsoft Sentinel. This book was developed with the Microsoft Sentinel product group to provide in-depth information about Microsoft’s new cloud-based security information and event management (SIEM) system, Microsoft Sentinel, and to demonstrate best practices based on real-life experience with the product in different environments.

The purpose of this book is to introduce the wide array of capabilities available in Microsoft Sentinel. After being introduced to the primary use-case scenarios, you will learn how to deploy and operationalize Microsoft Sentinel for data collection, analytics, incident management, threat detection, and response.

Who is this book for?

Microsoft Sentinel is for anyone interested in security operations in general: cybersecurity analysts, security administrators, threat hunters, support professionals, and engineers.

Microsoft Sentinel is designed to be useful for Azure and non-Azure users. You can have no security experience, some experience, or be a security expert, and you will get value from Microsoft Sentinel. This book provides introductory, intermediate, and advanced coverage of a large swath of security issues that Microsoft Sentinel addresses.

The approach is a unique mix of didactic, narrative, and experiential instruction. The didactic approach covers the core introductions to the services. The narrative instruction leverages what you already understand. We bridge your current understanding with new concepts introduced in the book. Finally, the experiential component is presented in two ways. First, we share our experiences with Microsoft Sentinel, and second, we show you how to get the most out of Sentinel by explaining it in a stepwise, guided fashion. We show you how to configure Microsoft Sentinel to gain all the benefits it has to offer.

In this book, you will learn:

  • How to connect different data sources to Microsoft Sentinel

  • How to create security analytics

  • How to investigate a security incident in Microsoft Sentinel

System requirements

Anyone with access to a Microsoft Azure subscription can use the information in this book.

Errata, updates & book support

We’ve made every effort to ensure the accuracy of this book and its companion content. You can access updates to this book—in the form of a list of submitted errata and their related corrections—at:

MicrosoftPressStore.com/MicrosoftSentinel/errata

If you discover an error that is not already listed, please submit it to us at the same page.

For additional book support and information, please visit MicrosoftPressStore.com/Support.

Please note that product support for Microsoft software and hardware is not offered through the previous addresses. For help with Microsoft software or hardware, go to http://support.microsoft.com.

Stay in touch

Let’s keep the conversation going! We’re on Twitter: http://twitter.com/MicrosoftPress.
