Muutke küpsiste eelistusi

Microsoft Azure Sentinel: Planning and implementing Microsofts cloud-native SIEM solution [Pehme köide]

3.57/5 (8 hinnangut Goodreads-ist)
, ,
  • Formaat: Paperback / softback, 208 pages, kõrgus x laius x paksus: 231x187x12 mm, kaal: 359 g, Illustrations
  • Sari: IT Best Practices - Microsoft Press
  • Ilmumisaeg: 01-Jul-2020
  • Kirjastus: Addison Wesley
  • ISBN-10: 0136485456
  • ISBN-13: 9780136485452
Teised raamatud teemal:
Microsoft Azure Sentinel: Planning and implementing Microsofts cloud-native SIEM solutionSuurem pilt
  • Formaat: Paperback / softback, 208 pages, kõrgus x laius x paksus: 231x187x12 mm, kaal: 359 g, Illustrations
  • Sari: IT Best Practices - Microsoft Press
  • Ilmumisaeg: 01-Jul-2020
  • Kirjastus: Addison Wesley
  • ISBN-10: 0136485456
  • ISBN-13: 9780136485452
Teised raamatud teemal:
Püsilink: https://www.kriso.ee/db/9780136485452.html
Märksõnad:

Microsoft Azure Sentinel

Plan, deploy, and operate Azure Sentinel, Microsoft&;s advanced cloud-based SIEM


Microsoft&;s cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response &; without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of Microsoft&;s leading experts review all it can do, and guide you step-by-step through planning, deployment, and daily operations. Leveraging in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion, rule development to incident management&; even proactive threat hunting to disrupt attacks before you&;re exploited.


Three of Microsoft&;s leading security operations experts show how to:

&; Use Azure Sentinel to respond to today&;s fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture

&; Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures

&; Explore Azure Sentinel components, architecture, design considerations, and initial configuration

&; Ingest alert log data from services and endpoints you need to monitor

&; Build and validate rules to analyze ingested data and create cases for investigation

&; Prevent alert fatigue by projecting how many incidents each rule will generate

&; Help Security Operation Centers (SOCs) seamlessly manage each incident&;s lifecycle

&; Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you&;re exploited

&; Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis

&; Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)

&; Save resources by automating responses to low-level events

&; Create visualizations to spot trends, identify or clarify relationships, and speed decisions

&; Integrate with partners and other third-parties, including Fortinet, AWS, and Palo Alto  

Foreword xiii
Introduction xv
Chapter 1 Security challenges for SecOps
1(12)
Current threat landscape
1(4)
Microsoft Security Intelligence Report
3(2)
Security challenges for SecOps
5(3)
Resource challenges
7(1)
Security data challenges
7(1)
Threat intelligence
8(3)
Cloud-native SIEM
11(2)
Core capabilities
12(1)
Chapter 2 Introduction to Azure Sentinel
13(20)
Architecture
13(2)
Adoption considerations
15(1)
Enabling Azure Sentinel
16(3)
Data ingestion
19(10)
Ingesting data from Microsoft solutions
21(8)
Accessing ingested data
29(4)
Chapter 3 Analytics
33(18)
Why use analytics for security?
33(1)
Understanding analytic rules
34(11)
Configuring analytic rules
38(6)
Types of analytic rules
44(1)
Creating analytic rules
45(4)
Validating analytic rules
49(2)
Chapter 4 Incident management
51(12)
Introduction to incident management
51(1)
Security incident in Azure Sentinel
52(4)
Managing an incident
54(2)
Investigating an incident
56(7)
Investigation graph
57(6)
Chapter 5 Threat hunting
63(16)
Introduction to threat hunting
63(1)
Hunting threats in Azure Sentinel
64(9)
Creating new hunting queries and bookmarks
73(6)
Chapter 6 Jupyter Notebooks
79(30)
Introduction
79(5)
Why use Jupyter Notebooks?
80(2)
A word on Python
82(1)
Different audiences for Jupyter Notebooks
83(1)
Jupyter environments
83(1)
Azure Notebooks and Azure Sentinel
84(3)
Connecting to Azure Sentinel
87(7)
Using Kqlmagic to query Azure Sentinel data
87(7)
Notebooks for hunting and investigation
94(13)
Using Microsoft Threat Intelligence Center toolset
95(1)
Querying data: The msticpy query library
95(4)
Event timelines
99(2)
Looking for suspicious signs in your data
101(2)
Finding outliers with clustering
103(2)
Link and display related data sets
105(1)
Geomapping IP addresses
106(1)
Summary
107(2)
Chapter 7 Automation with Playbooks
109(22)
The Importance of SOAR
109(1)
Real-time automation
110(15)
Post-incident automation
125(6)
Chapter 8 Data visualization
131(14)
Azure Sentinel Workbooks
131(2)
Using built-in Workbooks
133(5)
Creating custom Workbooks
138(2)
Creating visualizations in PowerBI and Excel
140(1)
Creating visualizations in Power BI
141(4)
Exporting data to Microsoft Excel
143(2)
Chapter 9 Integrating with partners
145(18)
Connecting with Fortinet
145(6)
Validating connectivity
148(3)
Connecting with Amazon Web Services (AWS)
151(7)
Validating connectivity
156(2)
Connecting with Palo Alto
158(5)
Validating connectivity
161(2)
Appendix A Introduction to Kusto Query Language
163(16)
The KQL query structure
163(3)
Data types
166(1)
Getting, limiting, sorting, and filtering data
167(3)
Summarizing data
170(2)
Adding and removing columns
172(1)
Joining tables
173(2)
Evaluate
175(1)
Let statements
176(1)
Suggested learning resources
177(2)
Index 179
Yuri Diogenes, Senior Program Manager at Microsoft Cybersecurity Engineerings Cloud and Artificial Intelligence Division, works closely with Azure Sentinel and Azure Security Center. Also a Professor at EC-Council Universitys MS and BS-level Cybersecurity programs, he holds an MS in Cybersecurity Intelligence & Forensics from Utica College, an MBA from FGF in Brazil, and several industry certifications. He is co-author of Microsoft Azure Security Center, Second Edition; Enterprise Mobility Suite: Managing BYOD and Company-Owned Devices, and other Microsoft Press books.  Nicholas DiCola is Principal Program Manager at Microsoft Cybersecurity Engineerings Cloud and Artificial Intelligence Division, where he assists customers in deploying advanced Microsoft Azure security systems. Before joining Microsoft in 2006, he was IT/Cyber Specialist on Active Duty in the U.S. Marine Corps. He was contributing author of Automating Active Directory Administration with PowerShell.  Jonathan Trull (CSSP, CISSP, CISA, OSCP) is Global Director for the Microsoft Cybersecurity Solutions Group. He leads Microsofts team of security advisors and cloud security architects in providing strategic direction for Microsoft security offerings and engaging with customers and partners worldwide. His 20 years of information security experience includes stints as VP and CISO for Optiv; as CISO for Qualys; and as CISO for the State of Colorado. As faculty member in Regis Universitys information assurance graduate program, he develops and teaches courses on network forensics, security architecture and design, malware analysis, and legal concepts in information security.