Updated: 2021-06-30 15:08:47
Cover
Learn Azure Sentinel
Why subscribe?
Foreword
Contributors
About the authors
About the reviewers
Packt is searching for authors like you
Preface
Who this book is for
What this book covers
To get the most out of this book
Download the color images
Conventions used
Get in touch
Reviews
Section 1: Design and Implementation
Chapter 1: Getting Started with Azure Sentinel
The current cloud security landscape
The cloud security reference framework
SOC platform components
Mapping the SOC architecture
Security solution integrations
Cloud platform integrations
Private infrastructure integrations
Service pricing for Azure Sentinel
Scenario mapping
Summary
Questions
Further reading
Chapter 2: Azure Monitor – Log Analytics
Technical requirements
Introduction to Azure Monitor Log Analytics
Managing the permissions of the workspace
Enabling Azure Sentinel
Exploring the Azure Sentinel Overview page
Advanced settings for Log Analytics
Section 2: Data Connectors Management and Queries
Chapter 3: Managing and Collecting Data
Choosing data that matters
Understanding connectors
Configuring Azure Sentinel connectors
Configuring Log Analytics storage options
Chapter 4: Integrating Threat Intelligence
Introduction to TI
Understanding STIX and TAXII
Choosing the right intel feeds for your needs
Implementing TI connectors
Chapter 5: Using the Kusto Query Language (KQL)
Running KQL queries
Introduction to KQL commands
Chapter 6: Azure Sentinel Logs and Writing Queries
An introduction to the Azure Sentinel Logs page
Navigating through the Logs page
Writing a query
Section 3: Security Threat Hunting
Chapter 7: Creating Analytic Rules
An introduction to Azure Sentinel Analytics
Creating an analytic rule
Managing analytic rules
Chapter 8: Introducing Workbooks
An overview of the Workbooks page
Walking through an existing workbook
Creating workbooks
Editing a workbook
Managing workbooks
Workbook step types
Chapter 9: Incident Management
Using the Azure Sentinel Incidents page
Exploring the full details page
Investigating an incident
Chapter 10: Threat Hunting in Azure Sentinel
Introducing the Azure Sentinel Hunting page
Working with Azure Sentinel Hunting queries
Working with Livestream