Browse Library
Sign In Start Free Trial
Close icon Search icon
Account
Browse Library Advanced Search Sign In Start Free Trial

Add to playlist

Create a Playlist

Modal Close icon
You need to login to use this feature.
  • Book Overview & Buying Learn Azure Sentinel
  • Table Of Contents Toc
  • Feedback & Rating feedback
Learn Azure Sentinel

Learn Azure Sentinel

By : Richard Diver, Gary Bushey
5 (3)
Buy this Book
close
close
Learn Azure Sentinel

Learn Azure Sentinel

5 (3)
By: Richard Diver, Gary Bushey
Buy this Book

Overview of this book

Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you’ll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic. This book starts with an introduction to Azure Sentinel and Log Analytics. You’ll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you’ll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you’ll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you’ll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
Table of Contents (22 chapters)
close
close
Preface
In Progress | 0 / 8 sections completed | 0%
Icon
Preface
Icon
Who this book is for
Icon
What this book covers
Icon
To get the most out of this book
Icon
Download the color images
Icon
Conventions used
Icon
Get in touch
Icon
Reviews
1
Section 1: Design and Implementation
In Progress | 0 / 1 sections completed | 0%
Icon
Section 1: Design and Implementation
Free Chapter
2
Chapter 1: Getting Started with Azure Sentinel
In Progress | 0 / 13 sections completed | 0%
chevron up
Icon
Chapter 1: Getting Started with Azure Sentinel
Icon
The current cloud security landscape
Icon
The cloud security reference framework
Icon
SOC platform components
Icon
Mapping the SOC architecture
Icon
Security solution integrations
Icon
Cloud platform integrations
Icon
Private infrastructure integrations
Icon
Service pricing for Azure Sentinel
Icon
Scenario mapping
Icon
Summary
Icon
Questions
Icon
Further reading
3
Chapter 2: Azure Monitor – Log Analytics
In Progress | 0 / 10 sections completed | 0%
Icon
Chapter 2: Azure Monitor – Log Analytics
Icon
Technical requirements
Icon
Introduction to Azure Monitor Log Analytics
Icon
Managing the permissions of the workspace
Icon
Enabling Azure Sentinel
Icon
Exploring the Azure Sentinel Overview page
Icon
Advanced settings for Log Analytics
Icon
Summary
Icon
Questions
Icon
Further reading
4
Section 2: Data Connectors, Management, and Queries
In Progress | 0 / 1 sections completed | 0%
Icon
Section 2: Data Connectors, Management, and Queries
5
Chapter 3: Managing and Collecting Data
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 3: Managing and Collecting Data
Icon
Choosing data that matters
Icon
Understanding connectors
Icon
Configuring Azure Sentinel connectors
Icon
Configuring Log Analytics storage options
Icon
Summary
Icon
Questions
Icon
Further reading
6
Chapter 4: Integrating Threat Intelligence
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 4: Integrating Threat Intelligence
Icon
Introduction to TI
Icon
Understanding STIX and TAXII
Icon
Choosing the right intel feeds for your needs
Icon
Implementing TI connectors
Icon
Summary
Icon
Questions
Icon
Further reading
7
Chapter 5: Using the Kusto Query Language (KQL)
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 5: Using the Kusto Query Language (KQL)
Icon
Running KQL queries
Icon
Introduction to KQL commands
Icon
Summary
Icon
Questions
Icon
Further reading
8
Chapter 6: Azure Sentinel Logs and Writing Queries
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 6: Azure Sentinel Logs and Writing Queries
Icon
An introduction to the Azure Sentinel Logs page
Icon
Navigating through the Logs page
Icon
Writing a query
Icon
Summary
Icon
Questions
Icon
Further reading
9
Section 3: Security Threat Hunting
In Progress | 0 / 1 sections completed | 0%
Icon
Section 3: Security Threat Hunting
10
Chapter 7: Creating Analytic Rules
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 7: Creating Analytic Rules
Icon
An introduction to Azure Sentinel Analytics
Icon
Creating an analytic rule
Icon
Managing analytic rules
Icon
Summary
Icon
Questions
Icon
Further reading
11
Chapter 8:Introducing Workbooks
In Progress | 0 / 10 sections completed | 0%
Icon
Chapter 8:Introducing Workbooks
Icon
An overview of the Workbooks page
Icon
Walking through an existing workbook
Icon
Creating workbooks
Icon
Editing a workbook
Icon
Managing workbooks
Icon
Workbook step types
Icon
Summary
Icon
Questions
Icon
Further reading
12
Chapter 9:Incident Management
In Progress | 0 / 7 sections completed | 0%
Icon
Chapter 9:Incident Management
Icon
Using the Azure Sentinel Incidents page
Icon
Exploring the full details page
Icon
Investigating an incident
Icon
Summary
Icon
Questions
Icon
Further reading
13
Chapter 10: Threat Hunting in Azure Sentinel
In Progress | 0 / 10 sections completed | 0%
Icon
Chapter 10: Threat Hunting in Azure Sentinel
Icon
Introducing the Azure Sentinel Hunting page
Icon
Working with Azure Sentinel Hunting queries
Icon
Working with Livestream
Icon
Working with bookmarks
Icon
Using Azure Sentinel Notebooks
Icon
Performing a hunt
Icon
Summary
Icon
Questions
Icon
Further reading
14
Section 4: Integration and Automation
In Progress | 0 / 1 sections completed | 0%
Icon
Section 4: Integration and Automation
15
Chapter 11: Creating Playbooks and Logic Apps
In Progress | 0 / 12 sections completed | 0%
Icon
Chapter 11: Creating Playbooks and Logic Apps
Icon
Introduction to Azure Sentinel playbooks
Icon
Playbook pricing
Icon
Overview of the Azure Sentinel connector
Icon
Exploring the Playbooks page
Icon
Logic Apps settings page
Icon
Creating a new playbook
Icon
Using the Logic Apps Designer page
Icon
Creating a simple Azure Sentinel playbook
Icon
Summary
Icon
Questions
Icon
Further reading
16
Chapter 12: ServiceNow Integration
In Progress | 0 / 8 sections completed | 0%
Icon
Chapter 12: ServiceNow Integration
Icon
Overview of Azure Sentinel alerts
Icon
Overview of IT Service Management (ITSM)
Icon
Logging in to ServiceNow
Icon
Creating a playbook to trigger a ticket in ServiceNow
Icon
Summary
Icon
Questions
Icon
Further reading
17
Section 5: Operational Guidance
In Progress | 0 / 1 sections completed | 0%
Icon
Section 5: Operational Guidance
18
Chapter 13: Operational Tasks for Azure Sentinel
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 13: Operational Tasks for Azure Sentinel
Icon
Dividing SOC duties
Icon
Operational tasks for SOC engineers
Icon
Operational tasks for SOC analysts
Icon
Summary
Icon
Questions
19
Chapter 14: Constant Learning and Community Contribution
In Progress | 0 / 6 sections completed | 0%
Icon
Chapter 14: Constant Learning and Community Contribution
Icon
Official resources from Microsoft
Icon
Resources for SOC operations
Icon
Using GitHub
Icon
Specific components and supporting technologies
Icon
Summary
20
Assessments
In Progress | 0 / 13 sections completed | 0%
Icon
Chapter 1
Icon
Chapter 2
Icon
Chapter 3
Icon
Chapter 4
Icon
Chapter 5
Icon
Chapter 6
Icon
Chapter 7
Icon
Chapter 8
Icon
Chapter 9
Icon
Chapter 10
Icon
Chapter 11
Icon
Chapter 12
Icon
Chapter 13
21
Other Books You May Enjoy
In Progress | 0 / 2 sections completed | 0%
Icon
Other Books You May Enjoy
Icon
Leave a review - let other readers know what you think

Scenario mapping

For the final section of this chapter, we are going to look at an important part of SOC development: scenario mapping. This process is carried out on a regular basis to ensure that tools and procedures are tuned for effective analysis and have the right data flow and that responses are well defined to ensure appropriate actions are taken upon detection of potential and actual threats. To make this an effective exercise, we recommend involving a range of different people with diverse skill sets and viewpoints, both technical and non-technical. You can also involve external consultants with specific skills and experience in threat hunting, defense, and attack techniques.

The following process is provided as a starting point. We encourage you to define your own approach to scenario mapping and improve it each time the exercise is carried out.

Step 1 – Define the new scenarios

In this first step, we articulate one scenario at a time; you may want to use...

End of Section 10
Next Section

Create a Note

Modal Close icon
You need to login to use this feature.
notes
bookmark search playlist download
font-size

Change the font size

margin-width

Change margin width

day-mode

Change background colour

Close icon Search
Country selected
Close icon Your notes and bookmarks

Delete Bookmark

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Delete Note

Modal Close icon
Are you sure you want to delete it?
Cancel
Yes, Delete

Confirmation

Modal Close icon
claim successful
Order Page Read Now

Buy this book with your credits?

Modal Close icon
Are you sure you want to buy this book with one of your credits?
Close
YES, BUY