8 Security operations and response: Microsoft Sentinel

This chapter covers

  • Security information and event management
  • Microsoft Sentinel
  • Data collection
  • Analytics rules
  • Incidents
  • User entity behavior analytics
  • Security orchestration, automation, and response
  • Automation rules

As you learned in chapter 7, enabling threat detection for commonly used resource types in Azure (such as your virtual machines [VMs], containers, storage accounts, and others) notifies you about suspicious activities and potential signs of compromise in your Azure environment. Many organizations, in addition to infrastructure-as-a-service (IaaS) and platform-as-a-service (PaaS) resources, use software-as-a-service (SaaS) applications (such as Microsoft 365 or SAP). To complicate ...

Get Azure Security now with the O’Reilly learning platform.