Microsoft Sentinel in Action
Packt Publishing Limited (Verlag)
978-1-80181-553-6 (ISBN)
Learn how to set up, configure, and use Microsoft Sentinel to provide security incident and event management services for your multi-cloud environment
Key Features
Collect, normalize, and analyze security information from multiple data sources
Integrate AI, machine learning, built-in and custom threat analyses, and automation to build optimal security solutions
Detect and investigate possible security breaches to tackle complex and advanced cyber threats
Book DescriptionMicrosoft Sentinel is a security information and event management (SIEM) tool developed by Microsoft that helps you integrate cloud security and artificial intelligence (AI). This book will teach you how to implement Microsoft Sentinel and understand how it can help detect security incidents in your environment with integrated AI, threat analysis, and built-in and community-driven logic.
The first part of this book will introduce you to Microsoft Sentinel and Log Analytics, then move on to understanding data collection and management, as well as how to create effective Microsoft Sentinel queries to detect anomalous behaviors and activity patterns. The next part will focus on useful features, such as entity behavior analytics and Microsoft Sentinel playbooks, along with exploring the new bi-directional connector for ServiceNow. In the next part, you'll be learning how to develop solutions that automate responses needed to handle security incidents and find out more about the latest developments in security, techniques to enhance your cloud security architecture, and explore how you can contribute to the security community.
By the end of this book, you'll have learned how to implement Microsoft Sentinel to fit your needs and protect your environment from cyber threats and other security issues.
What you will learn
Implement Log Analytics and enable Microsoft Sentinel and data ingestion from multiple sources
Tackle Kusto Query Language (KQL) coding
Discover how to carry out threat hunting activities in Microsoft Sentinel
Connect Microsoft Sentinel to ServiceNow for automated ticketing
Find out how to detect threats and create automated responses for immediate resolution
Use triggers and actions with Microsoft Sentinel playbooks to perform automations
Who this book is forYou'll get the most out of this book if you have a good grasp on other Microsoft security products and Azure, and are now looking to expand your knowledge to incorporate Microsoft Sentinel. Security experts who use an alternative SIEM tool and want to adopt Microsoft Sentinel as an additional or a replacement service will also find this book useful.
Richard Diver is a senior technical business strategy manager for the Microsoft Security Solutions group, focused on developing security partners. Based in Chicago, Richard works with advanced security and compliance partners to help them build solutions across the entire Microsoft platform, including Microsoft Sentinel, Microsoft Defender, Microsoft 365 security solutions, and many more. Prior to Microsoft, Richard worked in multiple industries and for several Microsoft partners to architect and implement cloud security solutions for a wide variety of customers around the world. Any spare time he gets is usually spent with his family. Gary Bushey is an Azure security expert with over 25 years of IT experience. He got his start early on when he helped his fifth-grade math teacher with their programming homework and worked all one summer to be able to afford his first computer, a Commodore 64. When he sold his first program, an apartment management system, at 14 he was hooked. During his career, he has worked as a developer, consultant, trainer, and architect. When not spending time in front of a computer, you can find him hiking in the woods, taking pictures, or just picking a direction and finding out what is around the next corner. John Perkins is the founder and principal of Threat Angler, a cybersecurity service provider that specializes in managed services, professional services, and training with a focus on delivering cybersecurity outcomes to customers of all shapes and sizes. John has over 20 years of experience in cybersecurity and has contributed to nearly all cybersecurity disciplines during his career. He has experience with numerous applications, including Microsoft Sentinel, and has designed, built, and led managed security services for several large service providers. In his free time, John enjoys spending time with his family, traveling, and staying active.
Table of Contents
Getting started with Microsoft Sentinel
Azure Monitor-Introduction to Log Analytics
Managing and collecting data
Integrating Threat Intelligence with Microsoft Sentinel
Using the Kusto Query Language
Microsoft Sentinel Logs and Writing Queries
Creating Analytic Rules
Creating and Using Workbooks
Incident Management
Configuring and Using Entity Behavior
Threat Hunting in Microsoft Sentinel
Creating Playbooks and Automation
ServiceNow integration for Alert and Case Management
Operational Tasks for Microsoft Sentinel
Constant Learning and Community Contribution
Erscheinungsdatum | 28.01.2022 |
---|---|
Verlagsort | Birmingham |
Sprache | englisch |
Maße | 75 x 93 mm |
Themenwelt | Informatik ► Netzwerke ► Sicherheit / Firewall |
Mathematik / Informatik ► Informatik ► Software Entwicklung | |
ISBN-10 | 1-80181-553-4 / 1801815534 |
ISBN-13 | 978-1-80181-553-6 / 9781801815536 |
Zustand | Neuware |
Haben Sie eine Frage zum Produkt? |
aus dem Bereich