Chapter 10: Threat Hunting in Azure Sentinel
Threat hunting is part science, part art, and part intuition. Usually, you are looking for something that may have happened in your environment. The trigger may be an external event: an anomaly showing up in the Azure Sentinel workbooks, a notice from a threat intelligence feed, or even a technique you just read about on the internet that you want to check for. No matter why you are performing your hunt, the tools in Azure Sentinel, including KQL queries and Jupyter Notebooks, remain the same.
Threat hunting is a series of activities that you will perform during your investigation. While there is no set guidance on how to perform threat hunting, this chapter will introduce ...