Chapter 3

Mitigate threats using Azure Sentinel

Azure Sentinel is a cloud-native SIEM (security information and event management) solution. SIEM solutions have existed for a number of years; their key purpose is to collect and correlate events from across an organization’s IT environment in order to detect anomalous activity that might indicate a security breach. The resulting alerts are then handled by a security operations center (SOC) team, which investigates, responds to, and mitigates the issue the SIEM has raised. Having an effective SIEM is critical to any organization’s security operations; you might have heard the phrase “that’s out of scope… said no attacker ever.” The fact is that attackers will use any vulnerable assets they ...

Get Exam Ref SC-200 Microsoft Security Operations Analyst now with the O’Reilly learning platform.