Build next-generation security operations with Microsoft SentinelMicrosoft Sentinel is the scalable, cloud-native, security information and event management (SIEM) solution for automating and streamlining threat identification and response across your enterprise. Now, three leading experts guide you step-by-step through planning, deployment, and operations, helping you use Microsoft Sentinel to escape the complexity and scalability challenges of traditional solutions. Fully updated for the latest enhancements, this edition introduces new use cases for investigation, hunting, automation, and orchestration across your enterprise and all your clouds. The authors clearly introduce each service, concisely explain all new concepts, and present proven best practices for maximizing Microsoft Sentinel's value throughout security operations. Three of Microsoft's leading security operations experts show how to:Review emerging challenges that make better cyberdefense an urgent prioritySee how Microsoft Sentinel responds by unifying alert detection, threat visibility, proactive hunting, and threat responseExplore components, architecture, design, and initial configurationIngest alerts and raw logs from all sources you need to monitorDefine and validate rules that prevent alert fatigueUse threat intelligence, machine learning, and automation to triage issues and focus on high-value tasksAdd context with User and Entity Behavior Analytics (UEBA) and WatchlistsHunt sophisticated new threats to disrupt cyber kill chains before you're exploitedEnrich incident management and threat hunting with Jupyter notebooksUse Playbooks to automate more incident handling and investigation tasksCreate visualizations to spot trends, clarify relationships, and speed decisionsSimplify integration with point-and-click data connectors that provide normalization, detection rules, queries, and Workbooks About This BookFor cybersecurity analysts, security administrators, threat hunters, support professionals, engineers, and other IT professionals concerned with security operationsFor both Microsoft Azure and non-Azure users at all levels of experience
Build next-generation security operations with Microsoft SentinelMicrosoft Sentinel is the scalable, cloud-native, security information and event management (SIEM) solution for automating and streamlining threat identification and response across your enterprise. Now, three leading experts guide you step-by-step through planning, deployment, and operations, helping you use Microsoft Sentinel to escape the complexity and scalability challenges of traditional solutions. Fully updated for the latest enhancements, this edition introduces new use cases for investigation, hunting, automation, and orchestration across your enterprise and all your clouds. The authors clearly introduce each service, concisely explain all new concepts, and present proven best practices for maximizing Microsoft Sentinel's value throughout security operations. Three of Microsoft's leading security operations experts show how to:Review emerging challenges that make better cyberdefense an urgent prioritySee how Microsoft Sentinel responds by unifying alert detection, threat visibility, proactive hunting, and threat responseExplore components, architecture, design, and initial configurationIngest alerts and raw logs from all sources you need to monitorDefine and validate rules that prevent alert fatigueUse threat intelligence, machine learning, and automation to triage issues and focus on high-value tasksAdd context with User and Entity Behavior Analytics (UEBA) and WatchlistsHunt sophisticated new threats to disrupt cyber kill chains before you're exploitedEnrich incident management and threat hunting with Jupyter notebooksUse Playbooks to automate more incident handling and investigation tasksCreate visualizations to spot trends, clarify relationships, and speed decisionsSimplify integration with point-and-click data connectors that provide normalization, detection rules, queries, and Workbooks About This BookFor cybersecurity analysts, security administrators, threat hunters, support professionals, engineers, and other IT professionals concerned with security operationsFor both Microsoft Azure and non-Azure users at all levels of experience
Über den Autor
YURI DIOGENES is a Senior Content Developer on the CSI Enterprise Mobility and Security Team, focusing on enterprise mobility solutions, Azure Security Center, and OMS Security. Previously, Yuri worked at Microsoft as a writer for the Windows Security team and as a Support Escalation Engineer for the CSS Forefront team. He has a Master of Science degree in Cybersecurity Intelligence and Forensics from Utica College and an MBA from FGF in Brazil, and he holds several industry certifications. He is co-author of Enterprise Mobility Suite–Managing BYOD and Company-Owned Devices (Microsoft Press, 2015), Microsoft Forefront Threat Management Gateway (TMG) Administrator’s Companion (Microsoft Press, 2010), and three other Forefront titles from Microsoft [...]. THOMAS SHINDER is a program manager in Azure Security Engineering and a 20-year veteran in IT security. Tom is best known for his work with ISA Server and TMG, publishing nine books on those topics. He was also the leading voice at [...]. After joining Microsoft in 2009, Tom spent time on the UAG DirectAccess team and then took a 3-year vacation from security to be a cloud infrastructure specialist and architect. He’s now back where he belongs in security, and spends a good deal of time hugging his Azure Security Center console and hiding his secrets in Azure Key [...] LITTLEJOHN SHINDER, MCSE, is a former police officer and police academy instructor who is self-employed as a technology consultant, trainer, and writer, specializing in network and cloud security. She has authored a number of books, including Scene of the Cybercrime: Computer Forensics Handbook (Syngress Publishing, 2002) and Computer Networking Essentials (Cisco Press, 2001). She has co-authored more than 20 additional books and worked as a tech editor, developmental editor, and contributor to more than 15 books. Deb is a lead author for [...] and [...], and a long-time contributor to the GFI Software blog and other technology publications, with more than 1,500 published articles in print magazines and on websites. Deb focuses on Microsoft products, and has been awarded the Microsoft MVP (Most Valuable Professional) award in the field of enterprise security for 14 years in a row. She lives and works in the Dallas-Fort Worth area and has taught law enforcement, computer networking, and security courses at Eastfield College in Mesquite, Texas. She currently sits on the advisory board of the Eastfield Criminal Justice Training Center Police Academy.
Inhaltsverzeichnis
CHAPTER 1: Security challenges for SecOps
CHAPTER 2: Introduction to Microsoft Sentinel
CHAPTER 3: Analytics
CHAPTER 4: Incident management
CHAPTER 5: Hunting
CHAPTER 6: Notebooks
CHAPTER 7: Automating response
CHAPTER 8: Data visualization
CHAPTER 9: Data connectors
APPENDIX A: Introduction to Kusto Query Language
APPENDIX B: Microsoft Sentinel for managed security service providers
