Microsoft Sentinel: Planning and implementing Microsoft’s cloud-native SIEM solution, 2nd Edition
- Length: 240 pages
- Edition: 2
- Language: English
- Publisher: Microsoft Press
- Publication Date: 2022-08-29
- ISBN-10: 0137900937
- ISBN-13: 9780137900930
- Sales Rank: #641671
Build next-generation security operations with Microsoft Sentinel
Microsoft Sentinel is the scalable, cloud-native, security information and event management (SIEM) solution for automating and streamlining threat identification and response across your enterprise. Now, three leading experts guide you step-by-step through planning, deployment, and operations, helping you use Microsoft Sentinel to escape the complexity and scalability challenges of traditional solutions. Fully updated for the latest enhancements, this edition introduces new use cases for investigation, hunting, automation, and orchestration across your enterprise and all your clouds. The authors clearly introduce each service, concisely explain all new concepts, and present proven best practices for maximizing Microsoft Sentinel’s value throughout security operations.
Three of Microsoft’s leading security operations experts show how to:
- Review emerging challenges that make better cyberdefense an urgent priority
- See how Microsoft Sentinel responds by unifying alert detection, threat visibility, proactive hunting, and threat response
- Explore components, architecture, design, and initial configuration
- Ingest alerts and raw logs from all sources you need to monitor
- Define and validate rules that prevent alert fatigue
- Use threat intelligence, machine learning, and automation to triage issues and focus on high-value tasks
- Add context with User and Entity Behavior Analytics (UEBA) and Watchlists
- Hunt sophisticated new threats to disrupt cyber kill chains before you’re exploited
- Enrich incident management and threat hunting with Jupyter notebooks
- Use Playbooks to automate more incident handling and investigation tasks
- Create visualizations to spot trends, clarify relationships, and speed decisions
- Simplify integration with point-and-click data connectors that provide normalization, detection rules, queries, and Workbooks
About This Book
- For cybersecurity analysts, security administrators, threat hunters, support professionals, engineers, and other IT professionals concerned with security operations
- For both Microsoft Azure and non-Azure users at all levels of experience
Contents
- Cover Page
- Title Page
- Copyright Page
- Pearson’s Commitment to Diversity, Equity, and Inclusion
- Figure Credits
- Contents at a Glance
- Contents
- Foreword
- Acknowledgments
- About the authors
- Introduction: Who is this book for?; System requirements; Errata, updates & book support; Stay in touch
- Chapter 1. Security challenges for SecOps: Current threat landscape; Security challenges for SecOps; Threat intelligence; Introducing Microsoft Sentinel
- Chapter 2. Introduction to Microsoft Sentinel: Architecture; Enabling Microsoft Sentinel; Ingesting data from Microsoft solutions; Accessing ingested data
- Chapter 3. Analytics: Why use analytics for security?; Understanding analytic rules; Creating analytic rules; Validating analytic rules
- Chapter 4. Incident management: Understanding Microsoft Sentinel incidents; Exploring and configuring the Incidents view; Guides and feedback; Triaging incidents; Searching for specific incidents; Incident details; Teams integration; Graphical investigation
- Chapter 5. Hunting: Understanding threat hunting; Threat hunting in Microsoft Sentinel; Livestream; Understanding cyberthreat intelligence; Threat intelligence in Microsoft Sentinel
- Chapter 6. Notebooks: Understanding Microsoft Sentinel Notebooks; Configuring an AML workspace and compute; Configuration steps to interact with your Microsoft Sentinel workspace; The MSTICpy library; Hunting and enrichment examples
- Chapter 7. Automating response: The importance of SOAR; Creating an automation rule; Advanced automation with Playbooks; Post-incident automation
- Chapter 8. Data visualization: Microsoft Sentinel Workbooks; Creating custom Workbooks; Creating visualizations in Power BI and Excel
- Chapter 9. Data connectors: Understanding data connectors; Ingestion methods; The Codeless Connector Platform; Preparing for a new data connector; Enabling and configuring a data connector; Understanding the Amazon Web Services S3 connector; Data connector health monitoring; The Content Hub
- Appendix A. Introduction to Kusto Query Language: The KQL query structure; Data types; Getting, limiting, sorting, and filtering data; Summarizing data; Adding and removing columns; Joining tables; Evaluate; Let statements; Suggested learning resources
- Appendix B. Microsoft Sentinel for managed security service providers: Accessing the customer environment; Cross-workspace features; Security content management
- Index
- Code Snippets