Search icon CANCEL
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Microsoft Sentinel in Action

You're reading from   Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Arrow left icon
Product type Paperback
Published in Feb 2022
Publisher Packt
ISBN-13 9781801815536
Length 478 pages
Edition 2nd Edition
Arrow right icon
Authors (2):
Arrow left icon
Richard Diver Richard Diver
Author Profile Icon Richard Diver
Richard Diver
Gary Bushey Gary Bushey
Author Profile Icon Gary Bushey
Gary Bushey
Arrow right icon
View More author details
Toc

Table of Contents (23) Chapters Close

Preface 1. Section 1: Design and Implementation
2. Chapter 1: Getting Started with Microsoft Sentinel FREE CHAPTER 3. Chapter 2: Azure Monitor – Introduction to Log Analytics 4. Section 2: Data Connectors, Management, and Queries
5. Chapter 3: Managing and Collecting Data 6. Chapter 4: Integrating Threat Intelligence with Microsoft Sentinel 7. Chapter 5: Using the Kusto Query Language (KQL) 8. Chapter 6: Microsoft Sentinel Logs and Writing Queries 9. Section 3: Security Threat Hunting
10. Chapter 7: Creating Analytic Rules 11. Chapter 8: Creating and Using Workbooks 12. Chapter 9: Incident Management 13. Chapter 10: Configuring and Using Entity Behavior 14. Chapter 11: Threat Hunting in Microsoft Sentinel 15. Section 4: Integration and Automation
16. Chapter 12: Creating Playbooks and Automation 17. Chapter 13: ServiceNow Integration for Alert and Case Management 18. Section 5: Operational Guidance
19. Chapter 14: Operational Tasks for Microsoft Sentinel 20. Chapter 15: Constant Learning and Community Contribution 21. Assessments 22. Other Books You May Enjoy

Security solution integrations

Microsoft Sentinel is designed to work with multiple security solutions, not just those that are developed by Microsoft.

At the most basic level, log collection and analysis are possible from any system that can transmit its logs via the Syslog collectors. More detailed logs are available from those that support CEF-encoded Syslog endpoints that share Windows event logs. The preferred method, however, is to have direct integration via APIs to enable two-way communication and help to manage the integrated solutions. More details relating to these options are included in Chapter 3, Managing and Collecting Data.

Common Event Format (CEF)

CEF is an industry-standard format applied to Syslog messages, used by most security vendors to ensure commonality between platforms. Microsoft Sentinel provides integrations to easily run analytics and queries across CEF data. For a full list of Microsoft Sentinel CEF source configurations, review the article at https://aka.ms/SentinelGrandlist.

Microsoft is continually developing integration options. At the time of writing, the list of integrated third-party solution providers includes the following:

Table 1.1 – Data connector list of companies

Table 1.1 – Data connector list of companies

As you can see from this list, many of the top security vendors are available directly in the portal. Microsoft Sentinel provides the ability to connect to a range of security data sources with built-in connectors, ingest the log data, and display dashboards using pre-defined workbooks.

You have been reading a chapter from
Microsoft Sentinel in Action - Second Edition
Published in: Feb 2022
Publisher: Packt
ISBN-13: 9781801815536
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime