Microsoft Azure Sentinel: Planning and Implementing Microsoft's Cloud-Native SIEM Solution
Provisional translation: Microsoft Azure Sentinel: Planning and Implementing Microsoft's Cloud-Native SIEM Solution
Yuri Diogenes, Nicholas DiCola, Tiander Turpijn
- Publisher: Microsoft
- Publication date: 2022-08-29
- Price: $1,710
- VIP price: 5% off, $1,625
- Language: English
- Pages: 240
- Binding: Quality Paper (also called trade paper)
- ISBN: 0137900937
- ISBN-13: 9780137900930
Related categories:
Microsoft Azure
Overseas purchase books (must be checked out separately)
Product description
Microsoft Sentinel is a scalable, cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that helps automate threat identification and response, without the complexity and scalability challenges of traditional SIEM solutions. Three of Microsoft's leading experts review all it can do, and guide you step by step through planning, deployment, and daily operations. The second edition of this book brings the latest updates in the product and new use case scenarios for investigation, hunting, automation, and orchestration.
- Use Microsoft Sentinel to respond to today's fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture
- Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures
- Explore Microsoft Sentinel components, architecture, design considerations, and initial configuration
- Ingest alert log data from services and endpoints you need to monitor
- Build and validate rules to analyze ingested data and create cases for investigation
- Prevent alert fatigue by projecting how many incidents each rule will generate
- Help Security Operations Centers (SOCs) seamlessly manage each incident's lifecycle
- Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you're exploited
- Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis
- Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)
- Save resources by automating responses to low-level events
- Create visualizations to spot trends, identify or clarify relationships, and speed decisions
- Integrate with partner solutions