Microsoft Azure Sentinel: Planning and Implementing Microsoft's Cloud-Native SIEM Solution

Yuri Diogenes, Nicholas DiCola, Tiander Turpijn

  • Publisher: Microsoft
  • Publication date: 2022-08-29
  • List price: $1,680
  • Member price: $1,596 (5% off)
  • Language: English
  • Pages: 240
  • Binding: Quality Paper (also called trade paper)
  • ISBN: 0137900937
  • ISBN-13: 9780137900930
  • Related category: Microsoft Azure
  • Overseas order (checked out separately)

Product description

Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that helps automate threat identification and response without the complexity and scalability challenges of traditional SIEM solutions. Three of Microsoft's leading experts review all it can do, and guide you step by step through planning, deployment, and daily operations. The second edition of this book brings the latest updates in the product and new use case scenarios for investigation, hunting, automation, and orchestration.

- Use Microsoft Sentinel to respond to today's fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture
- Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures
- Explore Microsoft Sentinel components, architecture, design considerations, and initial configuration
- Ingest alert log data from services and endpoints you need to monitor
- Build and validate rules to analyze ingested data and create cases for investigation
- Prevent alert fatigue by projecting how many incidents each rule will generate
- Help Security Operations Centers (SOCs) seamlessly manage each incident's lifecycle
- Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you're exploited
- Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis
- Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)
- Save resources by automating responses to low-level events
- Create visualizations to spot trends, identify or clarify relationships, and speed decisions
- Integrate with partner solutions
