Chapter 8: Microsoft Sentinel

Security Information and Event Management (SIEM) combines two solutions that were previously separate, Security Information Management (SIM) and Security Event Management (SEM).

We have already mentioned that large organizations rely on SIEM solutions. And Microsoft's SIEM solution for the cloud is Microsoft Sentinel. But let's first take a step back and discuss what SIEM is and what functionalities it should have.

We will be covering the following topics in this chapter:

Introduction to SIEM
Getting started with Microsoft Sentinel
Creating workbooks
Using threat hunting and notebooks

Introduction to SIEM

Many security compliance standards require long-term storage, where security-related logs should be kept ...

Get Mastering Azure Security - Second Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Mastering Azure Security - Second Edition by Mustafa Toroman, Tom Janetscheck

Chapter 8: Microsoft Sentinel

Introduction to SIEM

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly