Chapter 5. Threat hunting

Until now, you’ve learned about important Azure Sentinel capabilities that can be used during the incident response lifecycle, such as analytics and case management. However, organizations with a more mature Security Operations Center (SOC) are starting to invest more in proactive investigation to identify indicators of attack (IOA). This process is usually called “proactive hunting” or “proactive threat hunting.”

Azure Sentinel provides a platform for proactive threat hunting that can help identify sophisticated behaviors used by threat actors, even while they are still in the early stages of an attack. The goal is to disrupt the cyber kill chain during its initial phases, before exploitation succeeds. ...

Get Microsoft Azure Sentinel: Planning and implementing Microsoft’s cloud-native SIEM solution now with the O’Reilly learning platform.