Microsoft Sentinel in Action - Second Edition: Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions
Authors: Richard Diver, Gary Bushey, John Perkins
- Publisher: Packt Publishing
- Publication date: 2022-01-27
- List price: $2,000
- VIP price: 5% off, $1,900
- Language: English
- Pages: 478
- Binding: Quality Paper - also called trade paper
- ISBN: 1801815534
- ISBN-13: 9781801815536
Related categories:
Information Security
Overseas import (must be checked out separately)
Product Description
Learn how to set up, configure, and use Microsoft Sentinel to provide security incident and event management services for your multi-cloud environment
Key Features:
- Collect, normalize, and analyze security information from multiple data sources
- Integrate AI, machine learning, built-in and custom threat analyses, and automation to build optimal security solutions
- Detect and investigate possible security breaches to tackle complex and advanced cyber threats
Book Description:
Microsoft Sentinel is a security information and event management (SIEM) tool developed by Microsoft that helps you to integrate cloud security and artificial intelligence (AI). This book will enable you to implement Microsoft Sentinel and understand how it can help detect security incidents in your environment with integrated AI, threat analysis, and built-in and community-driven logic.
The book begins by introducing you to Microsoft Sentinel and Log Analytics. You'll then get to grips with data collection and management, before learning how to create effective Microsoft Sentinel queries to detect anomalous behaviors and activity patterns. Moving ahead, you'll learn about useful features such as entity behavior analytics and Microsoft Sentinel playbooks along with exploring the new bi-directional connector for ServiceNow. As you progress, you'll find out how to develop solutions that automate responses needed to handle security incidents. Finally, you'll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community.
By the end of this Microsoft Sentinel book, you'll have learned how to implement Microsoft Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
What You Will Learn:
- Implement Log Analytics and enable Microsoft Sentinel and data ingestion from multiple sources
- Get to grips with coding using the Kusto Query Language (KQL)
- Discover how to carry out threat hunting activities in Microsoft Sentinel
- Connect Microsoft Sentinel to ServiceNow for automated ticketing
- Find out how to detect threats and create automated responses for immediate resolution
- Use triggers and actions with Microsoft Sentinel playbooks to perform automations
Who this book is for:
If you are an IT professional with prior experience in other Microsoft security products and Azure and are now looking to expand your knowledge to incorporate Microsoft Sentinel, then this book is for you. Security experts using an alternative SIEM tool who want to adopt Microsoft Sentinel as an additional service or as a replacement will also find this book useful.