Description
1 online resource (1 volume) : illustrations
Bibliography
Includes bibliographical references.
Contents
Cover -- Copyright -- Why subscribe? -- Foreword -- Contributors -- About the authors -- About the reviewers -- Packt is searching for authors like you -- Table of Contents -- Preface -- Who this book is for -- What this book covers -- To get the most out of this book -- Download the color images -- Conventions used -- Get in touch -- Reviews -- Section 1: Design and Implementation -- Chapter 1: Getting Started with Azure Sentinel -- The current cloud security landscape -- Cloud security reference framework -- SOC platform components -- Mapping the SOC architecture
Log management and data sources -- Operations platforms -- Threat intelligence and threat hunting -- SOC mapping summary -- Security solution integrations -- Cloud platform integrations -- Integrating with AWS -- Integrating with Google Cloud Platform (GCP) -- Integrating with Microsoft Azure -- Private infrastructure integrations -- Service pricing for Azure Sentinel -- Scenario mapping -- Step 1 -- Define the new scenarios -- Step 2 -- Explain the purpose -- Step 3 -- The kill-chain stage -- Step 4 -- Which solution will do detection? -- Step 5 -- What actions will occur instantly?
Step 6 -- Severity and output -- Step 7 -- What action should the analyst take? -- Summary -- Questions -- Further reading -- Chapter 2: Azure Monitor -- Log Analytics -- Technical requirements -- Introduction to Azure Monitor Log Analytics -- Planning a workspace -- Creating a workspace using the portal -- Creating a workspace using PowerShell or the CLI -- Exploring the Overview page -- Managing the permissions of the workspace -- Enabling Azure Sentinel -- Exploring the Azure Sentinel Overview page -- The header bar -- The summary bar -- The Events and alerts over time section
The Recent incidents section -- The Data source anomalies section -- The Potential malicious events section -- The Democratize ML for your SecOps section -- Connecting your first data source -- Obtaining information from Azure virtual machines -- Advanced settings for Log Analytics -- Connected Sources -- The Data option -- Computer Groups -- Summary -- Questions -- Further reading -- Section 2: Data Connectors, Management, and Queries -- Chapter 3: Managing and Collecting Data -- Choosing data that matters -- Understanding connectors -- Native connections -- service to service
Direct connections -- service to service -- API connections -- Agent-based -- Configuring Azure Sentinel connectors -- Configuring Log Analytics storage options -- Calculating the cost of data ingestion and retention -- Reviewing alternative storage options -- Questions -- Further reading -- Chapter 4: Integrating Threat Intelligence -- Introduction to TI -- Understanding STIX and TAXII -- Choosing the right intel feeds for your needs -- Implementing TI connectors -- Enabling the data connector -- Registering an app in Azure AD -- Configuring the MineMeld threat intelligence feed
Summary
Azure Sentinel is an intelligent security service on Azure; Microsoft's main focus in developing Sentinel is to bring cloud security and artificial intelligence together. Readers will gain enough understanding to make the most of Azure services to secure their environment against modern cybersecurity threats.
Local Note
eBooks on EBSCOhost EBSCO eBook Subscription Academic Collection - North America
Subject
Microsoft Azure (Computing platform)
Cloud computing -- Security measures.
Artificial intelligence.
Added Author
Bushey, Gary, author.
Rader, Jason S., writer of foreword.
Other Form:
Print version: Diver, Richard. Learn Azure Sentinel : Integrate Azure Security with Artificial Intelligence to Build Secure Cloud Systems. Birmingham : Packt Publishing, Limited, ©2020
ISBN
9781839216633
1839216638
9781838980924