Preface

• Who this book is for
• What this book covers
• To get the most out of this book
• Download the color images
• Conventions used
• Get in touch
• Reviews

1. Section 1: Design and Implementation

2. Chapter 1: Getting Started with Azure Sentinel FREE CHAPTER

• The current cloud security landscape
• The cloud security reference framework
• SOC platform components
• Mapping the SOC architecture
• Security solution integrations
• Cloud platform integrations
• Private infrastructure integrations
• Service pricing for Azure Sentinel
• Scenario mapping
• Summary
• Questions
• Further reading

3. Chapter 2: Azure Monitor – Log Analytics

• Technical requirements
• Introduction to Azure Monitor Log Analytics
• Managing the permissions of the workspace
• Enabling Azure Sentinel
• Exploring the Azure Sentinel Overview page
• Advanced settings for Log Analytics
• Summary
• Questions
• Further reading

4. Section 2: Data Connectors, Management, and Queries

5. Chapter 3: Managing and Collecting Data

• Choosing data that matters
• Understanding connectors
• Configuring Azure Sentinel connectors
• Configuring Log Analytics storage options
• Summary
• Questions
• Further reading

6. Chapter 4: Integrating Threat Intelligence

• Introduction to TI
• Understanding STIX and TAXII
• Choosing the right intel feeds for your needs
• Implementing TI connectors
• Summary
• Questions
• Further reading

7. Chapter 5: Using the Kusto Query Language (KQL)

• Running KQL queries
• Introduction to KQL commands
• Summary
• Questions
• Further reading

8. Chapter 6: Azure Sentinel Logs and Writing Queries

• An introduction to the Azure Sentinel Logs page
• Navigating through the Logs page
• Writing a query
• Summary
• Questions
• Further reading

9. Section 3: Security Threat Hunting

10. Chapter 7: Creating Analytic Rules

• An introduction to Azure Sentinel Analytics
• Creating an analytic rule
• Managing analytic rules
• Summary
• Questions
• Further reading

11. Chapter 8:Introducing Workbooks

• An overview of the Workbooks page
• Walking through an existing workbook
• Creating workbooks
• Editing a workbook
• Managing workbooks
• Workbook step types
• Summary
• Questions
• Further reading

12. Chapter 9:Incident Management

• Using the Azure Sentinel Incidents page
• Exploring the full details page
• Investigating an incident
• Summary
• Questions
• Further reading

13. Chapter 10: Threat Hunting in Azure Sentinel

• Introducing the Azure Sentinel Hunting page
• Working with Azure Sentinel Hunting queries
• Working with Livestream
• Working with bookmarks
• Using Azure Sentinel Notebooks
• Performing a hunt
• Summary
• Questions
• Further reading

14. Section 4: Integration and Automation

15. Chapter 11: Creating Playbooks and Logic Apps

• Introduction to Azure Sentinel playbooks
• Playbook pricing
• Overview of the Azure Sentinel connector
• Exploring the Playbooks page
• Logic Apps settings page
• Creating a new playbook
• Using the Logic Apps Designer page
• Creating a simple Azure Sentinel playbook
• Summary
• Questions
• Further reading

16. Chapter 12: ServiceNow Integration

• Overview of Azure Sentinel alerts
• Overview of IT Service Management (ITSM)
• Logging in to ServiceNow
• Creating a playbook to trigger a ticket in ServiceNow
• Summary
• Questions
• Further reading

17. Section 5: Operational Guidance

18. Chapter 13: Operational Tasks for Azure Sentinel

• Dividing SOC duties
• Operational tasks for SOC engineers
• Operational tasks for SOC analysts
• Summary
• Questions

19. Chapter 14: Constant Learning and Community Contribution

• Official resources from Microsoft
• Resources for SOC operations
• Using GitHub
• Specific components and supporting technologies
• Summary

20. Assessments

• Chapter 2
• Chapter 3
• Chapter 4
• Chapter 5
• Chapter 6
• Chapter 7
• Chapter 8
• Chapter 9
• Chapter 10
• Chapter 11
• Chapter 12
• Chapter 13

21. Other Books You May Enjoy

• Leave a review - let other readers know what you think