Foreword

Microsoft Sentinel, formerly Azure Sentinel, was introduced in 2019 to help organizations modernize security operations in the cloud. At that time, security operations teams—who were under increasing pressure to extend coverage across a growing digital estate, combat escalating threats, and improve efficiency—were beginning to look to the cloud for alternatives to expensive and underperforming on-premises systems. Since then, tens of thousands of customers have adopted a cloud-first approach to power their data- and compute-intensive security operations workloads, with Microsoft Sentinel becoming the solution of choice because of its cloud-native architecture and industry-leading intelligence and analytics capabilities. Today, some of the world’s largest Security Operations Centers (SOCs) run on Microsoft Sentinel, including Microsoft’s own SOC. As the hub for security operations, Microsoft Sentinel brings together data, analytics, and workflows to unify and accelerate threat detection and response across the customer’s entire digital estate. Microsoft Sentinel provides an extensible solution to power all facets of security operations (threat intelligence and hunting, detection and correlation, incident management, investigation, and remediation) and operate across all data sources.

In this second edition of Microsoft Sentinel: Planning and implementing Microsoft’s cloud-native SIEM solution, you will have the opportunity to learn from an expert team of cybersecurity experts and engineers who have helped countless customers and partners successfully transform their security operations. They will lay out the foundational aspects of architecting, implementing, and operationalizing Microsoft Sentinel for customers, large and small. Topics include data collection and archiving, threat hunting and detection, incident response and automation, threat intelligence, and more, with practical advice gained from real-world experience.

With the dynamic nature of the security landscape and rapid pace of innovation, this book provides the latest insights you need to realize the full potential of Microsoft Sentinel to help your SOC team achieve more.

Sarah Fender

Partner Director of Product Management

Microsoft Sentinel
