Search icon Close icon
Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases now! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.

Change country

Modal Close icon
Country selected Country selected
country flag United States
Country selected
country flag United Kingdom
Country selected
country flag India
Country selected
country flag Germany
Country selected
country flag France
Country selected
country flag Canada
Country selected
country flag Russia
Country selected
country flag Spain
Country selected
country flag Brazil
Country selected
country flag Australia
Country selected
country flag Argentina
Country selected
country flag Austria
Country selected
country flag Belgium
Country selected
country flag Bulgaria
Country selected
country flag Chile
Country selected
country flag Colombia
Country selected
country flag Cyprus
Country selected
country flag Czechia
Country selected
country flag Denmark
Country selected
country flag Ecuador
Country selected
country flag Egypt
Country selected
country flag Estonia
Country selected
country flag Finland
Country selected
country flag Greece
Country selected
country flag Hungary
Country selected
country flag Indonesia
Country selected
country flag Ireland
Country selected
country flag Italy
Country selected
country flag Japan
Country selected
country flag Latvia
Country selected
country flag Lithuania
Country selected
country flag Luxembourg
Country selected
country flag Malaysia
Country selected
country flag Malta
Country selected
country flag Mexico
Country selected
country flag Netherlands
Country selected
country flag New Zealand
Country selected
country flag Norway
Country selected
country flag Philippines
Country selected
country flag Poland
Country selected
country flag Portugal
Country selected
country flag Romania
Country selected
country flag Singapore
Country selected
country flag Slovakia
Country selected
country flag Slovenia
Country selected
country flag South Africa
Country selected
country flag South Korea
Country selected
country flag Sweden
Country selected
country flag Switzerland
Country selected
country flag Taiwan
Country selected
country flag Thailand
Country selected
country flag Turkey
Country selected
country flag Ukraine
Country selected
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Learn Azure Sentinel

You're reading from   Learn Azure Sentinel Integrate Azure security with artificial intelligence to build secure cloud systems

Arrow left icon
Product type Paperback
Published in Apr 2020
Publisher Packt
ISBN-13 9781838980924
Length 422 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Authors (2):
Arrow left icon
Gary Bushey Gary Bushey
Author Profile Icon Gary Bushey
Gary Bushey
LinkedIn
Gary Bushey is an Azure security expert with over 25 years of IT experience. He got his start early on when he helped his fifth-grade math teacher with their programming homework and worked all one summer to be able to afford his first computer, a Commodore 64. When he sold his first program, an apartment management system, at 14 he was hooked. During his career, he has worked as a developer, consultant, trainer, and architect. When not spending time in front of a computer, you can find him hiking in the woods, taking pictures, or just picking a direction and finding out what is around the next corner.
Read more
See other products by Gary Bushey
Richard Diver Richard Diver
Author Profile Icon Richard Diver
Richard Diver
LinkedIn
Richard Diver is a senior technical business strategy manager for the Microsoft Security Solutions group, focused on developing security partners. Based in Chicago, Richard works with advanced security and compliance partners to help them build solutions across the entire Microsoft platform, including Microsoft Sentinel, Microsoft Defender, Microsoft 365 security solutions, and many more. Prior to Microsoft, Richard worked in multiple industries and for several Microsoft partners to architect and implement cloud security solutions for a wide variety of customers around the world. Any spare time he gets is usually spent with his family.
Read more
See other products by Richard Diver
Arrow right icon
View More author details
Toc

Table of Contents (22) Chapters Close

Preface 1. Section 1: Design and Implementation
2. Chapter 1: Getting Started with Azure Sentinel FREE CHAPTER 3. Chapter 2: Azure Monitor – Log Analytics 4. Section 2: Data Connectors, Management, and Queries
5. Chapter 3: Managing and Collecting Data 6. Chapter 4: Integrating Threat Intelligence 7. Chapter 5: Using the Kusto Query Language (KQL) 8. Chapter 6: Azure Sentinel Logs and Writing Queries 9. Section 3: Security Threat Hunting
10. Chapter 7: Creating Analytic Rules 11. Chapter 8:Introducing Workbooks 12. Chapter 9:Incident Management 13. Chapter 10: Threat Hunting in Azure Sentinel 14. Section 4: Integration and Automation
15. Chapter 11: Creating Playbooks and Logic Apps 16. Chapter 12: ServiceNow Integration 17. Section 5: Operational Guidance
18. Chapter 13: Operational Tasks for Azure Sentinel 19. Chapter 14: Constant Learning and Community Contribution 20. Assessments 21. Other Books You May Enjoy

Working with Azure Sentinel Hunting queries

While there are a lot of pre-existing queries, with more being added all the time, there may be times when you need to add your own or modify an existing query to better suit your needs.

Adding a new query

To add a new query, click on the New Query button at the top of the Hunting page. This will open the Create custom query page, as shown in the following screenshot. This is very similar to creating a new scheduled query, as discussed in Chapter 7, Creating Analytic Rules, so you can read the Creating a new rule using the wizard section as a refresher:

Figure 10.7 – Adding a new query

Fill in the Name, Description, and Custom query fields. If your query has any entities, use the Entity mapping section to add the entity mapping to the query. Remember to add them one at a time. Finally, select one or more tactics (not shown in the screenshot) that this query is using.

Once all the information has been...

lock icon The rest of the chapter is locked
arrow left Previous Section
Section 3 of 10
Next Section arrow right
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Sign up now
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Start free trial
Renews at €18.99/month. Cancel anytime

Authors (2)

Left arrow icon
Profile icon Richard Diver
Richard Diver
LinkedIn icon
Richard Diver is a senior technical business strategy manager for the Microsoft Security Solutions group, focused on developing security partners. Based in Chicago, Richard works with advanced security and compliance partners to help them build solutions across the entire Microsoft platform, including Microsoft Sentinel, Microsoft Defender, Microsoft 365 security solutions, and many more. Prior to Microsoft, Richard worked in multiple industries and for several Microsoft partners to architect and implement cloud security solutions for a wide variety of customers around the world. Any spare time he gets is usually spent with his family.
Read more
See other products by Richard Diver
Profile icon Gary Bushey
Gary Bushey
Github icon
Gary Bushey is an Azure security expert with over 25 years of IT experience. He got his start early on when he helped his fifth-grade math teacher with their programming homework and worked all one summer to be able to afford his first computer, a Commodore 64. When he sold his first program, an apartment management system, at 14 he was hooked. During his career, he has worked as a developer, consultant, trainer, and architect. When not spending time in front of a computer, you can find him hiking in the woods, taking pictures, or just picking a direction and finding out what is around the next corner.
Read more
See other products by Gary Bushey
Right arrow icon

Other recommended products

Related to this chapter
Left arrow icon
Mastering Azure Security
Mastering Azure Security
Read more
Mastering Azure Security enables you to implement top-level security in your Azure tenant. With a focus on cloud security, this book will look at the architectural approach on how to design your Azure solutions to keep and enforce resources secure.
Read more
May 2020 8h 44m
Mastering Azure Security
Mastering Azure Security
Read more
Mastering Azure Security enables you to implement top-level security in your Azure tenant. With a focus on cloud security, this book will look at the architectural approach on how to design your Azure solutions to keep and enforce resources secure.
Read more
May 2020 8h 44m
Mastering Azure Security
Mastering Azure Security
Read more
Mastering Azure Security enables you to implement top-level security in your Azure tenant. With a focus on cloud security, this book will look at the architectural approach on how to design your Azure solutions to keep and enforce resources secure.
Read more
May 2020 8h 44m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Microsoft 365 Security Administration: MS-500 Exam Guide
Microsoft 365 Security Administration: MS-500 Exam Guide
Read more
MS-500: Microsoft 365 Security Administration offers complete, up-to-date coverage of the MS-500 exam so you can take it with confidence, fully equipped to pass the first time.
Read more
Jun 2020 22h 24m
Right arrow icon

Personalised recommendations for you

Based on your interests and search pattern
Left arrow icon
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
The Aspiring CIO and CISO
The Aspiring CIO and CISO
Read more
This book helps entry, mid-level, and senior managers master soft skills, craft a compelling brand, and strategically plan their career in C-suite roles with the help of expert insights needed for success in digital leadership and executive roles.
Read more
Jun 2024 8h 32m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Malware Development for Ethical Hackers
Malware Development for Ethical Hackers
Read more
This book will help you understand malware development by delving into the intricate mechanisms of malware development, injection attacks, and advanced evasion strategies with over 80 real-life examples.
Read more
Jun 2024 13h 0m
Right arrow icon