Sign In Start Free Trial
Account

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Azure Sentinel
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learn Azure Sentinel

Learn Azure Sentinel

By : Richard Diver, Gary Bushey
5 (3)
close
close
Learn Azure Sentinel

Learn Azure Sentinel

5 (3)
By: Richard Diver, Gary Bushey

Overview of this book

Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you’ll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic. This book starts with an introduction to Azure Sentinel and Log Analytics. You’ll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you’ll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you’ll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you’ll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
Table of Contents (22 chapters)
close
close
1
Section 1: Design and Implementation
4
Section 2: Data Connectors, Management, and Queries
9
Section 3: Security Threat Hunting
14
Section 4: Integration and Automation
17
Section 5: Operational Guidance

Operational tasks for SOC engineers

In this section, we will provide an initial list of tasks that have been identified as engineering tasks. You can use this list as a starting point, and then add your own tasks based on what works for your specific requirements. Each component that is added to the SOC architecture will have its own task requirements—for example, if you integrate a Cloud Access Security Broker (CASB) solution, you will need to carry out similar tasks within that platform to ensure it is well maintained and sending the appropriate information to Azure Sentinel.

Daily tasks

A list of daily tasks is as follows:

  • Monitor the service health of all core components such as the Azure platform, Azure Active Directory (AD) for Identity and Access Management (IAM), and any data collection servers (syslog), ensuring dashboards are available and alerts are triggering as expected.
  • Review the planned maintenance, service health, and availability monitoring...

Unlock full access

Continue reading for free

A Packt free trial gives you instant online access to our library of over 7000 practical eBooks and videos, constantly updated with the latest in tech
bookmark search playlist download font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected

Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY