Microsoft Azure Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution

Microsoft Sentinel is a scalable, cloud-native SIEM solution for automating and streamlining threat identification and response across enterprises. This book provides step-by-step guidance for planning, deployment, and operations, with new use cases for investigation, hunting, automation, and orchestration. It covers components, architecture, design, initial configuration, alert ingestion, rule definition, threat intelligence, machine learning, automation, UEBA, Watchlists, hunting, incident management, and threat hunting.

Format: Paperback / softback
Length: 240 pages
Publication date: 29 August 2022
Publisher: Pearson Education (US)

Microsoft Sentinel is a cutting-edge security information and event management (SIEM) solution designed to revolutionize the way organizations automate and streamline their threat identification and response processes. Developed by Microsoft, this cloud-native solution offers unparalleled scalability and flexibility, making it an ideal choice for enterprises of all sizes.

In this comprehensive guide, three renowned experts in security operations take you step-by-step through the planning, deployment, and operations of Microsoft Sentinel. They provide invaluable insights and best practices to help you leverage the full potential of this powerful SIEM tool.

The book begins by examining the emerging challenges that make cyberdefense an urgent priority. It then delves into how Microsoft Sentinel responds to these challenges by unifying alert detection, threat visibility, proactive hunting, and threat response. The authors explain the key components of Microsoft Sentinel, including its architecture, design, and initial configuration.

They also guide you through the process of ingesting alerts and raw logs from various sources, enabling you to monitor your enterprise effectively. The book emphasizes the importance of defining and validating rules to prevent alert fatigue and ensure that critical incidents are prioritized.

Using threat intelligence, machine learning, and automation, the authors demonstrate how Microsoft Sentinel can triage issues and focus on high-value tasks. They discuss the use of User and Entity Behavior Analytics (UEBA) and Watchlists to add context to incidents and enhance the investigation process.

Furthermore, the book explores advanced hunting techniques, such as sophisticated new threats to disrupt cyber kill chains and the use of Jupyter notebooks to enrich incident management and threat hunting. Playbooks are introduced as a powerful tool for automating more incident handling and investigation tasks, while visualizations are used to spot trends, clarify relationships, and speed up decision-making.

By following the guidance provided in this book, you will be able to build next-generation security operations with Microsoft Sentinel and stay ahead of the evolving threat landscape. Whether you are a security professional, IT administrator, or business leader, this comprehensive guide will help you maximize the value of Microsoft Sentinel and enhance your organization's cybersecurity posture.

Weight: 408g
Dimension: 186 x 232 x 16 (mm)
ISBN-13: 9780137900930
Edition number: 2 ed