You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Product type Paperback

Published in Feb 2022

Publisher Packt

ISBN-13 9781801815536

Length 478 pages

Edition 2nd Edition

Tools

Azure Functions

Concepts

Cybersecurity

Authors (2):

Richard Diver

Gary Bushey

View More author details

Table of Contents (23) Chapters

Preface

1. Section 1: Design and Implementation

2. Chapter 1: Getting Started with Microsoft Sentinel FREE CHAPTER

3. Chapter 2: Azure Monitor – Introduction to Log Analytics

4. Section 2: Data Connectors, Management, and Queries

5. Chapter 3: Managing and Collecting Data

6. Chapter 4: Integrating Threat Intelligence with Microsoft Sentinel

7. Chapter 5: Using the Kusto Query Language (KQL)

8. Chapter 6: Microsoft Sentinel Logs and Writing Queries

9. Section 3: Security Threat Hunting

10. Chapter 7: Creating Analytic Rules

11. Chapter 8: Creating and Using Workbooks

12. Chapter 9: Incident Management

13. Chapter 10: Configuring and Using Entity Behavior

14. Chapter 11: Threat Hunting in Microsoft Sentinel

15. Section 4: Integration and Automation

16. Chapter 12: Creating Playbooks and Automation

17. Chapter 13: ServiceNow Integration for Alert and Case Management

18. Section 5: Operational Guidance

19. Chapter 14: Operational Tasks for Microsoft Sentinel

20. Chapter 15: Constant Learning and Community Contribution

21. Assessments

22. Other Books You May Enjoy

Summary

In this chapter, we introduced Microsoft Sentinel and how it fits into the cloud security landscape. We explored some of the widely used acronyms for both problems and solutions and then provided a useful method of mapping these technical controls to the wide array of options available from many security platform providers today. We also looked at the future state of SOC architecture to ensure you can gain visibility and control across your entire infrastructure: physical, virtual, and cloud-hosted.

Finally, we looked at the potential cost of running Microsoft Sentinel as a core component of your security architecture and how to carry out the scenario-mapping exercise to ensure you are constantly reviewing the detections, the usefulness of the data, and your ability to detect and respond to current threats.

In the next chapter, we will take the first steps toward deploying Microsoft Sentinel by configuring an Azure Monitor Log Analytics workspace. Azure Monitor is the bedrock of Microsoft Sentinel for storing and searching log data. By understanding this data collection and analysis engine, you will gain a deeper understanding of the potential benefits of deploying Microsoft Sentinel in your environment.

You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Table of Contents (23) Chapters

Summary

Authors (2)

Personalised recommendations for you