MicrosoftGÇÖs cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response GÇô without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of MicrosoftGÇÖs leading experts review all it can do, and guide you step by step through planning, deployment, and daily operations. Leveraging in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion, rule development to incident management. Three of MicrosoftGÇÖs leading security operations experts show how to: Use Azure Sentinel to respond to todayGÇÖs fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures Explore Azure Sentinel components, architecture, design considerations, and initial configuration Ingest alert log data from services and endpoints you need to monitor Build and validate rules to analyse ingested data and create cases for investigation Prevent alert fatigue by projecting how many incidents each rule will generate Help Security Operation Centers (SOCs) seamlessly manage each incidentGÇÖs lifecycle Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before youGÇÖre exploited Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualisation, and data analysis Use Playbooks to perform Security Orchestration, Automation and Response (SOAR) Save resources by automating responses to low-level events Create visualisations to spot trends, identify or clarify relationships, and speed decisions Integrate with partners and other third-parties, including Fortinet, AWS, and Palo Alto
ISBN: 978-0-13-648545-2
