Book description
Learn how to set up, configure, and use Microsoft Sentinel to provide security incident and event management services for your multi-cloud environment
Key Features
- Collect, normalize, and analyze security information from multiple data sources
- Integrate AI, machine learning, built-in and custom threat analyses, and automation to build optimal security solutions
- Detect and investigate possible security breaches to tackle complex and advanced cyber threats
Book Description
Microsoft Sentinel is a security information and event management (SIEM) tool developed by Microsoft that helps you integrate cloud security and artificial intelligence (AI). This book will teach you how to implement Microsoft Sentinel and understand how it can help detect security incidents in your environment with integrated AI, threat analysis, and built-in and community-driven logic.
The first part of this book will introduce you to Microsoft Sentinel and Log Analytics, then move on to understanding data collection and management, as well as how to create effective Microsoft Sentinel queries to detect anomalous behaviors and activity patterns. The next part will focus on useful features, such as entity behavior analytics and Microsoft Sentinel playbooks, along with exploring the new bi-directional connector for ServiceNow. In the next part, you'll be learning how to develop solutions that automate responses needed to handle security incidents and find out more about the latest developments in security, techniques to enhance your cloud security architecture, and explore how you can contribute to the security community.
By the end of this book, you'll have learned how to implement Microsoft Sentinel to fit your needs and protect your environment from cyber threats and other security issues.
What you will learn
- Implement Log Analytics and enable Microsoft Sentinel and data ingestion from multiple sources
- Tackle Kusto Query Language (KQL) coding
- Discover how to carry out threat hunting activities in Microsoft Sentinel
- Connect Microsoft Sentinel to ServiceNow for automated ticketing
- Find out how to detect threats and create automated responses for immediate resolution
- Use triggers and actions with Microsoft Sentinel playbooks to perform automations
Who this book is for
You'll get the most out of this book if you have a good grasp on other Microsoft security products and Azure, and are now looking to expand your knowledge to incorporate Microsoft Sentinel. Security experts who use an alternative SIEM tool and want to adopt Microsoft Sentinel as an additional or a replacement service will also find this book useful.
Table of contents
- Microsoft Sentinel in Action
- Contributors
- About the authors
- About the reviewers
- Preface
- Section 1: Design and Implementation
-
Chapter 1: Getting Started with Microsoft Sentinel
- The current cloud security landscape
- The cloud security reference framework
- SOC platform components
- Mapping the SOC architecture
- Security solution integrations
- Cloud platform integrations
- Private infrastructure integrations
- Service pricing for Microsoft Sentinel
- Scenario mapping
- Summary
- Questions
- Further reading
-
Chapter 2: Azure Monitor – Introduction to Log Analytics
- Technical requirements
- Introduction to Azure Monitor Log Analytics
- Creating a workspace using the portal
- Creating a workspace using PowerShell or the CLI
- Managing permissions for the workspace
- Enabling Microsoft Sentinel
- Exploring the Microsoft Sentinel Overview page
- Connecting your first data source
- Advanced settings for Log Analytics
- Summary
- Questions
- Further reading
- Section 2: Data Connectors, Management, and Queries
- Chapter 3: Managing and Collecting Data
- Chapter 4: Integrating Threat Intelligence with Microsoft Sentinel
- Chapter 5: Using the Kusto Query Language (KQL)
- Chapter 6: Microsoft Sentinel Logs and Writing Queries
- Section 3: Security Threat Hunting
- Chapter 7: Creating Analytic Rules
- Chapter 8: Creating and Using Workbooks
- Chapter 9: Incident Management
- Chapter 10: Configuring and Using Entity Behavior
- Chapter 11: Threat Hunting in Microsoft Sentinel
- Section 4: Integration and Automation
-
Chapter 12: Creating Playbooks and Automation
- Introduction to Microsoft Sentinel playbooks
- Introduction to Microsoft Sentinel Automation
- Adding a new automation rule
- Playbook pricing
- Types of playbooks
- Overview of the Microsoft Sentinel connector
- Exploring the Playbooks tab
- Logic app settings page
- Creating a new playbook
- Using the Logic Apps Designer page
- Creating a simple Microsoft Sentinel playbook
- Summary
- Questions
- Further reading
-
Chapter 13: ServiceNow Integration for Alert and Case Management
-
A brief history of Microsoft Sentinel and ServiceNow integration
- Integrating Microsoft Sentinel with ServiceNow ITSM using Microsoft Sentinel Logic Apps
- Integrating Azure security alert sources (not just Sentinel) with ServiceNow Security Incident Response via the Microsoft Graph Security API
- Integrating Microsoft Sentinel with ServiceNow Security Incident Response via an API directly to Microsoft Sentinel
- Steps to integrate Microsoft Sentinel with ServiceNow
- Summary
-
A brief history of Microsoft Sentinel and ServiceNow integration
- Section 5: Operational Guidance
- Chapter 14: Operational Tasks for Microsoft Sentinel
- Chapter 15: Constant Learning and Community Contribution
- Assessments
- Other Books You May Enjoy
Product information
- Title: Microsoft Sentinel in Action - Second Edition
- Author(s):
- Release date: February 2022
- Publisher(s): Packt Publishing
- ISBN: 9781801815536
You might also like
book
Windows Internals, Part 2, 7th Edition
The definitive guide to modern Windows internals: new coverage of virtualization, file systems, boot, security, and …
book
Mastering PowerShell Scripting - Fourth Edition
This complete guide takes you on a tour of PowerShell from the basics to its advanced …
book
Mastering Windows Security and Hardening - Second Edition
A comprehensive guide to administering and protecting the latest Windows 11 and Windows Server 2022 from …
book
PowerShell Cookbook, 4th Edition
How do you use PowerShell to navigate the filesystem, manage files and folders, or retrieve a …