Chapter 4. Incident management
Microsoft’s approach to security incident management is based on National Institute of Standards and Technology (NIST) Special Publication (SP) 800-61. Microsoft has several teams that work together to prevent, monitor, detect, and respond to security incidents. Azure Sentinel draws on Microsoft’s incident management experience to provide built-in capabilities that help Security Operations Centers (SOCs) manage their incidents seamlessly from a single dashboard.
In this chapter, you will learn more about incident management in Azure Sentinel and how to leverage this capability to quickly address new security incidents.
Introduction to incident management
Before we dive into incident management ...