Book Image

Learn Azure Sentinel

By : Richard Diver, Gary Bushey
Book Image

Learn Azure Sentinel

By: Richard Diver, Gary Bushey

Overview of this book

Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you’ll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic. This book starts with an introduction to Azure Sentinel and Log Analytics. You’ll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you’ll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you’ll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you’ll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
Table of Contents (22 chapters)
1
Section 1: Design and Implementation
4
Section 2: Data Connectors, Management, and Queries
9
Section 3: Security Threat Hunting
14
Section 4: Integration and Automation
17
Section 5: Operational Guidance

Introduction to TI

Due to the complex nature of cybersecurity and the sophistication of modern attacks, it is difficult for any organization to keep track of vulnerabilities and the multiple ways that an attacker may compromise a system, especially if cybersecurity is not the focus of the organization. Understanding what to look for and deciding what to do when you see a system anomaly or another potential threat is complex and time-consuming. This is where TI comes in useful.

TI is critical in the fight against adversaries and is now integrated with most security products; it provides the ability to set a list of indicators for detection and blocking malicious activities. You can subscribe to TI feeds to gain knowledge from other security professionals in the industry and create your own indicators that are specific to the environment you are operating.

If you are new to this topic, there are some new keywords and abbreviations to learn:

  • Threat indicators: This is a...