Learn Azure Sentinel
Richard Diver, Gary Bushey, Jason S. Rader. Updated: 2021-06-30 15:08:47
Latest chapter: Leave a review - let other readers know what you think
Why subscribe?
Foreword
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Design and Implementation
Chapter 1: Getting Started with Azure Sentinel
The current cloud security landscape
The cloud security reference framework
SOC platform components
Mapping the SOC architecture
Security solution integrations
Cloud platform integrations
Private infrastructure integrations
Service pricing for Azure Sentinel
Scenario mapping
Summary
Questions
Further reading
Chapter 2: Azure Monitor – Log Analytics
Technical requirements
Introduction to Azure Monitor Log Analytics
Managing the permissions of the workspace
Enabling Azure Sentinel
Exploring the Azure Sentinel Overview page
Advanced settings for Log Analytics
Summary
Questions
Further reading
Section 2: Data Connectors Management and Queries
Chapter 3: Managing and Collecting Data
Choosing data that matters
Understanding connectors
Configuring Azure Sentinel connectors
Configuring Log Analytics storage options
Summary
Questions
Further reading
Chapter 4: Integrating Threat Intelligence
Introduction to TI
Understanding STIX and TAXII
Choosing the right intel feeds for your needs
Implementing TI connectors
Summary
Questions
Further reading
Chapter 5: Using the Kusto Query Language (KQL)
Running KQL queries
Introduction to KQL commands
Summary
Questions
Further reading
Chapter 6: Azure Sentinel Logs and Writing Queries
An introduction to the Azure Sentinel Logs page
Navigating through the Logs page
Writing a query
Summary
Questions
Further reading
Section 3: Security Threat Hunting
Chapter 7: Creating Analytic Rules
An introduction to Azure Sentinel Analytics
Creating an analytic rule
Managing analytic rules
Summary
Questions
Further reading
Chapter 8: Introducing Workbooks
An overview of the Workbooks page
Walking through an existing workbook
Creating workbooks
Editing a workbook
Managing workbooks
Workbook step types
Summary
Questions
Further reading
Chapter 9: Incident Management
Using the Azure Sentinel Incidents page
Exploring the full details page
Investigating an incident
Summary
Questions
Further reading
Chapter 10: Threat Hunting in Azure Sentinel
Introducing the Azure Sentinel Hunting page
Working with Azure Sentinel Hunting queries
Working with Livestream
Working with bookmarks
Using Azure Sentinel Notebooks
Performing a hunt
Summary
Questions
Further reading
Section 4: Integration and Automation
Chapter 11: Creating Playbooks and Logic Apps
Introduction to Azure Sentinel playbooks
Playbook pricing
Overview of the Azure Sentinel connector
Exploring the Playbooks page
Logic Apps settings page
Creating a new playbook
Using the Logic Apps Designer page
Creating a simple Azure Sentinel playbook
Summary
Questions
Further reading
Chapter 12: ServiceNow Integration
Overview of Azure Sentinel alerts
Overview of IT Service Management (ITSM)
Logging in to ServiceNow
Creating a playbook to trigger a ticket in ServiceNow
Summary
Questions
Further reading
Section 5: Operational Guidance
Chapter 13: Operational Tasks for Azure Sentinel
Dividing SOC duties
Operational tasks for SOC engineers
Operational tasks for SOC analysts
Summary
Questions
Chapter 14: Constant Learning and Community Contribution
Official resources from Microsoft
Resources for SOC operations
Using GitHub
Specific components and supporting technologies
Summary
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Other Books You May Enjoy
Leave a review - let other readers know what you think