Muutke küpsiste eelistusi

E-raamat: Microsoft Azure Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution

3.57/5 (7 hinnangut Goodreads-ist)
, ,
Teised raamatud teemal:
  • Formaat - PDF+DRM
  • Hind: 32,89 €*
  • * hind on lõplik, st. muud allahindlused enam ei rakendu
  • Lisa ostukorvi
  • Lisa soovinimekirja
  • See e-raamat on mõeldud ainult isiklikuks kasutamiseks. E-raamatuid ei saa tagastada.
Microsoft Azure Sentinel: Planning and implementing Microsoft's cloud-native SIEM solutionSuurem pilt
Teised raamatud teemal:

DRM piirangud

  • Kopeerimine (copy/paste):

    ei ole lubatud

  • Printimine:

    ei ole lubatud

  • Kasutamine:

    Digitaalõiguste kaitse (DRM)
    Kirjastus on väljastanud selle e-raamatu krüpteeritud kujul, mis tähendab, et selle lugemiseks peate installeerima spetsiaalse tarkvara. Samuti peate looma endale  Adobe ID Rohkem infot siin. E-raamatut saab lugeda 1 kasutaja ning alla laadida kuni 6'de seadmesse (kõik autoriseeritud sama Adobe ID-ga).

    Vajalik tarkvara
    Mobiilsetes seadmetes (telefon või tahvelarvuti) lugemiseks peate installeerima selle tasuta rakenduse: PocketBook Reader (iOS / Android)

    PC või Mac seadmes lugemiseks peate installima Adobe Digital Editionsi (Seeon tasuta rakendus spetsiaalselt e-raamatute lugemiseks. Seda ei tohi segamini ajada Adober Reader'iga, mis tõenäoliselt on juba teie arvutisse installeeritud )

    Seda e-raamatut ei saa lugeda Amazon Kindle's. 

Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that helps to automate threat identification and response without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Three of Microsoft's leading experts review all it can do, and guide you step by step through planning, deployment, and daily operations. The second edition of this book brings the latest updates in the product and new use case scenarios for investigation, hunting, automation, and orchestration.

·     Use Microsoft Sentinel to respond to today's fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture

·     Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures

·     Explore Microsoft Sentinel components, architecture, design considerations, and initial configuration

·     Ingest alert log data from services and endpoints you need to monitor

·     Build and validate rules to analyze ingested data and create cases for investigation

·     Prevent alert fatigue by projecting how many incidents each rule will generate

·     Help Security Operation Centers (SOCs) seamlessly manage each incident's lifecycle

·     Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you're exploited

·     Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis

·     Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)

·     Save resources by automating responses to low-level events

·     Create visualizations to spot trends, identify or clarify relationships, and speed decisions

·     Integrate with partners solutions

 
Foreword xi
Acknowledgments xiii
About the authors xv
Introduction xvii
Chapter 1 Security challenges for SecOps
1(12)
Current threat landscape
1(4)
The history of a supply-chain attack
5(1)
Security Challenges for SecOps
6(2)
Resource challenges
8(1)
Finding the proverbial needle in the haystack
8(1)
Threat intelligence
9(3)
Introducing Microsoft Sentinel
12(1)
Core capabilities
12(1)
Chapter 2 Introduction to Microsoft Sentinel
13(18)
Architecture
13(2)
Roles and permissions
15(2)
Workspace design considerations
17(1)
Hardening considerations
18(1)
Additional considerations
18(1)
Enabling Microsoft Sentinel
19(3)
Ingesting data from Microsoft solutions
22(3)
Connecting Microsoft Defender for Cloud
25(1)
Connecting to Azure Active Directory
26(2)
Accessing ingested data
28(3)
Chapter 3 Analytics
31(22)
Why use analytics for security?
31(1)
Understanding analytic rules
32(4)
Configuring analytic rules
36(8)
Types of analytic rules
44(2)
Creating analytic rules
46(4)
Validating analytic rules
50(3)
Chapter 4 Incident management
53(22)
Understanding Microsoft Sentinel incidents
53(1)
Exploring and configuring the Incidents view
54(5)
Guides and feedback
59(1)
Triaging incidents
60(2)
Searching for specific incidents
62(1)
Incident details
63(6)
Teams integration
69(2)
Graphical investigation
71(4)
Chapter 5 Hunting
75(32)
Understanding threat hunting
75(1)
Knowing your environment and data
76(1)
Threat hunting in Microsoft Sentinel
76(3)
Running your first hunting query
79(2)
Hunting hypothesis example
81(10)
Livestream
91(3)
Using Livestream with Azure Key Vault honeytokens
94(3)
Understanding cyberthreat intelligence
97(1)
Threat intelligence in Microsoft Sentinel
97(1)
Configuring the TAXII data connector
98(2)
Enabling the threat intelligence rules
100(1)
Creating a custom threat indicator
101(3)
Interactive TI and hunting dashboards
104(3)
Chapter 6 Notebooks
107(20)
Understanding Microsoft Sentinel Notebooks
107(2)
Configuring an AML workspace and compute
109(7)
Configuration steps to interact with your Microsoft Sentinel workspace
116(2)
The MSTICpy library
118(3)
Hunting and enrichment examples
121(1)
Sign-ins that did not pass the MFA challenge
121(4)
Creating interactive cells
125(2)
Chapter 7 Automating response
127(24)
The importance of SOAR
127(1)
Understanding automation rules
128(1)
Creating an automation rule
128(2)
Advanced automation with Playbooks
130(16)
Post-incident automation
146(5)
Chapter 8 Data visualization
151(12)
Microsoft Sentinel Workbooks
151(5)
Creating custom Workbooks
156(3)
Creating visualizations in Power BI and Excel
159(1)
Creating visualizations in Power BI
160(2)
Exporting data to Microsoft Excel
162(1)
Chapter 9 Data connectors
163(20)
Understanding data connectors
163(2)
Ingestion methods
165(1)
The Codeless Connector Platform
166(1)
Preparing for a new data connector
166(1)
Enabling and configuring a data connector
167(3)
The Microsoft 365 Defender connector
170(1)
Understanding the Amazon Web Services S3 connector
171(1)
The AWS S3 configuration process
172(1)
Data connector health monitoring
173(2)
The Microsoft SentinelHealth table
175(2)
The Content Hub
177(6)
Appendix A Introduction to Kusto Query Language
183(16)
The KQL query structure
183(3)
Data types
186(1)
Getting, limiting, sorting, and filtering data
187(3)
Summarizing data
190(2)
Adding and removing columns
192(1)
Joining tables
193(2)
Evaluate
195(1)
Let statements
196(1)
Suggested learning resources
197(2)
Appendix B Microsoft Sentinel for managed security service providers
199(16)
Accessing the customer environment
199(1)
Azure Lighthouse
199(4)
Azure Active Directory B2B
203(1)
Cross-workspace features
204(1)
KQL Queries
205(1)
Analytics rules
206(1)
Hunting
207(2)
Incident management
209(1)
Automation/SOAR
210(1)
Workbooks
211(1)
Security content management
212(1)
How to adopt CI/CD?
212(1)
Microsoft Sentinel repositories
213(2)
Index 215
Yuri Diogenes, MsC holds a Master of Science in cybersecurity intelligence and forensics investigation from UTICA College and is currently working on his Ph.D. in cybersecurity leadership from Capitol Technology University. Yuri has been working at Microsoft since 2006 and currently is a principal program manager for the CxE Microsoft Defender for Cloud Team. Yuri has published a total of 26 books, mostly about information security and Microsoft technologies. Yuri is also a professor at EC-Council University, where he teaches in the Bachelor of Cybersecurity Program. Yuri is an MBA and holds many IT/Security industry certifications, such as CISSP, MITRE ATT&CK® Cyber Threat Intelligence Certified, E|CND, E|CEH, E|CSA, E|CHFI, CompTIA Security+, CySA+, Network+, CASP, and CyberSec First Responder. You can follow Yuri on Twitter at @yuridiogenes.

Nicholas DiCola is the Vice President of Customers at Zero Networks, where he leads the customer engineering team that helps customers with pilots and deployments of Zero Networks products. He has a Master of Business Administration with a concentration in information systems. He holds various industry certifications, such as CISSP and CEH. You can follow Nicholas on Twitter at @mastersecjedi.

Tiander Turpijn is a principal program manager for Microsoft Sentinel. He joined Microsoft in 1998 and fulfilled multiple roles, from senior escalation support engineer, senior management & security consultant, and architect to a datacenter architecture role. Tiander has a computer science degree and various industry certifications, such as CISSP and CEH. You can follow Tiander on Twitter at @tianderturpijn.
Lisainfo e-raamatute kohta Lisainfo e-raamatute kohta
Püsilink: https://www.kriso.ee/db/97801379010742e.html
Märksõnad: