You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Product type Paperback

Published in Feb 2022

Publisher Packt

ISBN-13 9781801815536

Length 478 pages

Edition 2nd Edition

Tools

Azure Functions

Concepts

Cybersecurity

Authors (2):

Richard Diver

Gary Bushey

View More author details

Table of Contents (23) Chapters

Preface

1. Section 1: Design and Implementation

2. Chapter 1: Getting Started with Microsoft Sentinel FREE CHAPTER

3. Chapter 2: Azure Monitor – Introduction to Log Analytics

4. Section 2: Data Connectors, Management, and Queries

5. Chapter 3: Managing and Collecting Data

6. Chapter 4: Integrating Threat Intelligence with Microsoft Sentinel

7. Chapter 5: Using the Kusto Query Language (KQL)

8. Chapter 6: Microsoft Sentinel Logs and Writing Queries

9. Section 3: Security Threat Hunting

10. Chapter 7: Creating Analytic Rules

11. Chapter 8: Creating and Using Workbooks

12. Chapter 9: Incident Management

13. Chapter 10: Configuring and Using Entity Behavior

14. Chapter 11: Threat Hunting in Microsoft Sentinel

15. Section 4: Integration and Automation

16. Chapter 12: Creating Playbooks and Automation

17. Chapter 13: ServiceNow Integration for Alert and Case Management

18. Section 5: Operational Guidance

19. Chapter 14: Operational Tasks for Microsoft Sentinel

20. Chapter 15: Constant Learning and Community Contribution

21. Assessments

22. Other Books You May Enjoy

Operational tasks for SOC analysts

In this section, we will provide an initial list of tasks that have been identified as operational requirements for SOC analysts. These tasks focus on the work required to create, maintain, and organize Microsoft Sentinel components to ensure operational efficiency.

Daily tasks

A list of daily tasks for SOC analysts is as follows:

Check the Incidents page to ensure any new incidents are assigned to an owner and all open or in-progress incidents are actively investigated to completion.
Go to the Hunting page and select Run all queries:
A. Review the results for each query that returns at least one result.
B. If any queries return a result of N/A, then investigate why the results are not available (you should at least receive a return of 0 as a result).
Review TI sources for current activities and new findings and apply any findings to your threat hunting procedures.

Weekly tasks

A list of weekly tasks for SOC analysts...

The rest of the chapter is locked

You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Table of Contents (23) Chapters

Operational tasks for SOC analysts

Daily tasks

Weekly tasks

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you