Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Azure Sentinel
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learn Azure Sentinel

Learn Azure Sentinel

By : Richard Diver, Gary Bushey
5 (3)
Buy this Book
close
close
Learn Azure Sentinel

Learn Azure Sentinel

5 (3)
By: Richard Diver, Gary Bushey
Buy this Book

Overview of this book

Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you’ll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic. This book starts with an introduction to Azure Sentinel and Log Analytics. You’ll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you’ll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you’ll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you’ll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
Table of Contents (22 chapters)
close
close
close
Preface
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
1
Section 1: Design and Implementation
Section 1: Design and Implementation
Free Chapter
2
Chapter 1: Getting Started with Azure Sentinel
Chapter 1: Getting Started with Azure Sentinel
The current cloud security landscape
The cloud security reference framework
SOC platform components
Mapping the SOC architecture
Security solution integrations
Cloud platform integrations
Private infrastructure integrations
Service pricing for Azure Sentinel
Scenario mapping
Summary
Questions
Further reading
3
Chapter 2: Azure Monitor – Log Analytics
Chapter 2: Azure Monitor – Log Analytics
Technical requirements
Introduction to Azure Monitor Log Analytics
Managing the permissions of the workspace
Enabling Azure Sentinel
Exploring the Azure Sentinel Overview page
Advanced settings for Log Analytics
Summary
Questions
Further reading
4
Section 2: Data Connectors, Management, and Queries
Section 2: Data Connectors, Management, and Queries
5
Chapter 3: Managing and Collecting Data
Chapter 3: Managing and Collecting Data
Choosing data that matters
Understanding connectors
Configuring Azure Sentinel connectors
Configuring Log Analytics storage options
Summary
Questions
Further reading
6
Chapter 4: Integrating Threat Intelligence
Chapter 4: Integrating Threat Intelligence
Introduction to TI
Understanding STIX and TAXII
Choosing the right intel feeds for your needs
Implementing TI connectors
Summary
Questions
Further reading
7
Chapter 5: Using the Kusto Query Language (KQL)
Chapter 5: Using the Kusto Query Language (KQL)
Running KQL queries
Introduction to KQL commands
Summary
Questions
Further reading
8
Chapter 6: Azure Sentinel Logs and Writing Queries
Chapter 6: Azure Sentinel Logs and Writing Queries
An introduction to the Azure Sentinel Logs page
Navigating through the Logs page
Writing a query
Summary
Questions
Further reading
9
Section 3: Security Threat Hunting
Section 3: Security Threat Hunting
10
Chapter 7: Creating Analytic Rules
Chapter 7: Creating Analytic Rules
An introduction to Azure Sentinel Analytics
Creating an analytic rule
Managing analytic rules
Summary
Questions
Further reading
11
Chapter 8:Introducing Workbooks
Chapter 8:Introducing Workbooks
An overview of the Workbooks page
Walking through an existing workbook
Creating workbooks
Editing a workbook
Managing workbooks
Workbook step types
Summary
Questions
Further reading
12
Chapter 9:Incident Management
Chapter 9:Incident Management
Using the Azure Sentinel Incidents page
Exploring the full details page
Investigating an incident
Summary
Questions
Further reading
13
Chapter 10: Threat Hunting in Azure Sentinel
Chapter 10: Threat Hunting in Azure Sentinel
Introducing the Azure Sentinel Hunting page
Working with Azure Sentinel Hunting queries
Working with Livestream
Working with bookmarks
Using Azure Sentinel Notebooks
Performing a hunt
Summary
Questions
Further reading
14
Section 4: Integration and Automation
Section 4: Integration and Automation
15
Chapter 11: Creating Playbooks and Logic Apps
Chapter 11: Creating Playbooks and Logic Apps
Introduction to Azure Sentinel playbooks
Playbook pricing
Overview of the Azure Sentinel connector
Exploring the Playbooks page
Logic Apps settings page
Creating a new playbook
Using the Logic Apps Designer page
Creating a simple Azure Sentinel playbook
Summary
Questions
Further reading
16
Chapter 12: ServiceNow Integration
chevron up
Chapter 12: ServiceNow Integration
Overview of Azure Sentinel alerts
Overview of IT Service Management (ITSM)
Logging in to ServiceNow
Creating a playbook to trigger a ticket in ServiceNow
Summary
Questions
Further reading
17
Section 5: Operational Guidance
Section 5: Operational Guidance
18
Chapter 13: Operational Tasks for Azure Sentinel
Chapter 13: Operational Tasks for Azure Sentinel
Dividing SOC duties
Operational tasks for SOC engineers
Operational tasks for SOC analysts
Summary
Questions
19
Chapter 14: Constant Learning and Community Contribution
Chapter 14: Constant Learning and Community Contribution
Official resources from Microsoft
Resources for SOC operations
Using GitHub
Specific components and supporting technologies
Summary
20
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
21
Other Books You May Enjoy
Other Books You May Enjoy
Leave a review - let other readers know what you think

Overview of Azure Sentinel alerts

The key benefit of using Azure Sentinel is the centralization of logs and alerts from multiple systems across your organization. By centralizing the information, and enhancing it with threat intelligence, it is possible to build a full picture of the potential malicious activities occurring in any system.

In Chapter 7, Creating Analytic Rules, we covered the ability to create analytic rules and queries, using Kusto Query Language (KQL), to monitor and detect activities across a wide range of data sources gathered by Azure Sentinel, and generate alerts based on these detections. The rules may be created manually to detect known activities and behaviors, or they may include machine learning algorithms to enhance detection capabilities.

To prevent overloading the IT and security teams with too much irrelevant information, the alerting rules can be configured to ensure a high degree of confidence that the issue is both relevant and important. It...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
Start a 7-day FREE trial
End of Section 2
Next Section
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY