Chapter 8: Microsoft Sentinel

Security Information and Event Management (SIEM) combines two solutions that were previously separate: Security Information Management (SIM), which focuses on the long-term collection, storage and analysis of logs, and Security Event Management (SEM), which focuses on real-time monitoring, correlation and alerting on events.

We have already mentioned that large organizations rely on SIEM solutions. Microsoft Sentinel is Microsoft's cloud-native SIEM. Before looking at Sentinel itself, let's take a step back and discuss what a SIEM is and what functionality it should provide.

We will be covering the following topics in this chapter:

  • Introduction to SIEM
  • Getting started with Microsoft Sentinel
  • Creating workbooks
  • Using threat hunting and notebooks

Introduction to SIEM

Many security compliance standards require long-term storage, where security-related logs should be kept ...
