You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Product type Paperback

Published in Feb 2022

Publisher Packt

ISBN-13 9781801815536

Length 478 pages

Edition 2nd Edition

Tools

Azure Functions

Concepts

Cybersecurity

Authors (2):

Richard Diver

Gary Bushey

View More author details

Table of Contents (23) Chapters

Preface

1. Section 1: Design and Implementation

2. Chapter 1: Getting Started with Microsoft Sentinel FREE CHAPTER

3. Chapter 2: Azure Monitor – Introduction to Log Analytics

4. Section 2: Data Connectors, Management, and Queries

5. Chapter 3: Managing and Collecting Data

6. Chapter 4: Integrating Threat Intelligence with Microsoft Sentinel

7. Chapter 5: Using the Kusto Query Language (KQL)

8. Chapter 6: Microsoft Sentinel Logs and Writing Queries

9. Section 3: Security Threat Hunting

10. Chapter 7: Creating Analytic Rules

11. Chapter 8: Creating and Using Workbooks

12. Chapter 9: Incident Management

13. Chapter 10: Configuring and Using Entity Behavior

14. Chapter 11: Threat Hunting in Microsoft Sentinel

15. Section 4: Integration and Automation

16. Chapter 12: Creating Playbooks and Automation

17. Chapter 13: ServiceNow Integration for Alert and Case Management

18. Section 5: Operational Guidance

19. Chapter 14: Operational Tasks for Microsoft Sentinel

20. Chapter 15: Constant Learning and Community Contribution

21. Assessments

22. Other Books You May Enjoy

Security solution integrations

Microsoft Sentinel is designed to work with multiple security solutions, not just those that are developed by Microsoft.

At the most basic level, log collection and analysis are possible from any system that can transmit its logs via the Syslog collectors. More detailed logs are available from those that support CEF-encoded Syslog endpoints that share Windows event logs. The preferred method, however, is to have direct integration via APIs to enable two-way communication and help to manage the integrated solutions. More details relating to these options are included in Chapter 3, Managing and Collecting Data.

Common Event Format (CEF)

CEF is an industry-standard format applied to Syslog messages, used by most security vendors to ensure commonality between platforms. Microsoft Sentinel provides integrations to easily run analytics and queries across CEF data. For a full list of Microsoft Sentinel CEF source configurations, review the article at https://aka.ms/SentinelGrandlist.

Microsoft is continually developing integration options. At the time of writing, the list of integrated third-party solution providers includes the following:

Table 1.1 – Data connector list of companies

As you can see from this list, many of the top security vendors are available directly in the portal. Microsoft Sentinel provides the ability to connect to a range of security data sources with built-in connectors, ingest the log data, and display dashboards using pre-defined workbooks.

You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Table of Contents (23) Chapters

Security solution integrations

Authors (2)

Personalised recommendations for you