Learn Azure Sentinel: Integrate Azure security with artificial intelligence to build secure cloud systems
- Authors: Richard Diver, Gary Bushey
- Publisher: Packt Publishing
- Year: 2020
- Language: English
- Pages: 423
- Category: Library
Synopsis
Understand how to set up, configure, and use Azure Sentinel to provide security incident and event management services for your environment
Key Features
- Secure your network, infrastructure, data, and applications on Microsoft Azure effectively
- Integrate artificial intelligence, threat analysis, and automation for optimal security solutions
- Investigate possible security breaches and gather forensic evidence to prevent modern cyber threats
Book Description
Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you'll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic.
This book starts with an introduction to Azure Sentinel and Log Analytics. You'll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you'll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you'll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community.
By the end of this book, you'll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
What you will learn
- Understand how to design and build a security operations center
- Discover the key components of a cloud security architecture
- Manage and investigate Azure Sentinel incidents
- Use playbooks to automate incident responses
- Understand how to set up Azure Monitor Log Analytics and Azure Sentinel
- Ingest data into Azure Sentinel from the cloud and on-premises devices
- Perform threat hunting in Azure Sentinel
Who this book is for
This book is for solution architects and system administrators who are responsible for implementing new solutions in their infrastructure. Security analysts who need to monitor and provide immediate security solutions or threat hunters looking to learn how to use Azure Sentinel to investigate possible security breaches and gather forensic evidence will also benefit from this book. Prior experience with cloud security, particularly Azure, is necessary.
Table of Contents
- Getting Started with Azure Sentinel
- Azure Monitor - Log Analytics
- Managing and Collecting Data
- Threat Intelligence Integration
- Using the Kusto Query Language (KQL)
- Creating Useful Queries
- Creating Analytic Rules
- Introduction to Using Workbooks
- Incident Management
- Hunting and Forensics Gathering
- Creating Playbooks and Logic Apps
- ServiceNow Integration
- Operational Tasks for Azure Sentinel
- Constant learning and community contribution
Full Table of Contents
Cover
Title Page
Copyright and Credits
About Packt
Foreword
Contributors
Table of Contents
Preface
Section 1: Design and Implementation
Chapter 01: Getting Started with Azure Sentinel
The current cloud security landscape
The cloud security reference framework
SOC platform components
Mapping the SOC architecture
Log management and data sources
Operations platforms
Threat intelligence and threat hunting
SOC mapping summary
Security solution integrations
Cloud platform integrations
Integrating with AWS
Integrating with Google Cloud Platform (GCP)
Integrating with Microsoft Azure
Private infrastructure integrations
Service pricing for Azure Sentinel
Scenario mapping
Step 1 - Define the new scenarios
Step 2 - Explain the purpose
Step 3 - The kill-chain stage
Step 4 - Which solution will do detection?
Step 5 - What actions will occur instantly?
Step 6 - Severity and output
Step 7 - What action should the analyst take?
Summary
Questions
Further reading
Chapter 02: Azure Monitor - Log Analytics
Technical requirements
Introduction to Azure Monitor Log Analytics
Planning a workspace
Creating a workspace using the portal
Creating a workspace using PowerShell or the CLI
Exploring the Overview page
Managing the permissions of the workspace
Enabling Azure Sentinel
Exploring the Azure Sentinel Overview page
The header bar
The summary bar
The Recent incidents section
The Data source anomalies section
The Potential malicious events section
The Democratize ML for your SecOps section
Obtaining information from Azure virtual machines
Advanced settings for Log Analytics
Connected Sources
The Data option
Computer Groups
Summary
Questions
Further reading
Section 2: Data Connectors, Management, and Queries
Chapter 03: Managing and Collecting Data
Choosing data that matters
Understanding connectors
Native connections - service to service
Direct connections - service to service
API connections
Agent-based
Configuring Azure Sentinel connectors
Configuring Log Analytics storage options
Calculating the cost of data ingestion and retention
Reviewing alternative storage options
Summary
Questions
Further reading
Chapter 04: Integrating Threat Intelligence
Introduction to TI
Understanding STIX and TAXII
Choosing the right intel feeds for your needs
Implementing TI connectors
Enabling the data connector
Registering an app in Azure AD
Configuring the MineMeld TI feed
Confirming the data is being ingested for use by Azure Sentinel
Summary
Questions
Further reading
Chapter 05: Using the Kusto Query Language (KQL)
Running KQL queries
Introduction to KQL commands
Tabular operators
Query statement
Scalar functions
String operators
Summary
Questions
Further reading
Chapter 06: Azure Sentinel Logs and Writing Queries
An introduction to the Azure Sentinel Logs page
Navigating through the Logs page
The page header
The Tables pane
The Filter pane
The KQL code window
The results window
Learn more
Writing a query
The billable data ingested
Map view of logins
Other useful logs
Summary
Questions
Further reading
Section 3: Security Threat Hunting
Chapter 07: Creating Analytic Rules
An introduction to Azure Sentinel Analytics
Types of analytic rules
Navigating through the Analytics home page
Creating an analytic rule
Creating a rule from a rule template
Creating a new rule using the wizard
Managing analytic rules
Summary
Questions
Further reading
Chapter 08: Introducing Workbooks
An overview of the Workbooks page
The workbook header
The Templates view
Workbook detail view
Missing required data types
Workbook detail view (continued)
Saved template buttons
Walking through an existing workbook
Creating workbooks
Creating a workbook using a template
Creating a new workbook from scratch
Editing a workbook
Advanced editing
Managing workbooks
Workbook step types
Text
Query
Parameters
Links/tabs
Advanced settings
Summary
Questions
Further reading
Chapter 09: Incident Management
Using the Azure Sentinel Incidents page
The header bar
The summary bar
The search and filtering section
Incident listing
Incident details pane
Using the Actions button
Exploring the full details page
The Alerts tab
The Bookmarks tab
The Entities tab
The Comments tab
Investigating an incident
Showing related alerts
The Timeline button
The Info button
The Entities button
The Help button
Summary
Questions
Further reading
Chapter 10: Threat Hunting in Azure Sentinel
Introducing the Azure Sentinel Hunting page
The header bar
The summary bar
The hunting queries list
Hunting query details pane
Working with Azure Sentinel Hunting queries
Adding a new query
Editing a query
Cloning a query
Deleting a query
Working with Livestream
Working with bookmarks
Creating a bookmark
Viewing bookmarks
Using Azure Sentinel Notebooks
The header bar
The summary bar
The notebook list
The notebook details pane
Performing a hunt
Develop premise
Determine data
Plan hunt
Execute investigation
Respond
Monitor
Improve
Summary
Questions
Further reading
Section 4: Integration and Automation
Chapter 11: Creating Playbooks and Logic Apps
Introduction to Azure Sentinel playbooks
Playbook pricing
Overview of the Azure Sentinel connector
Exploring the Playbooks page
The header bar
The summary bar
Logic app listing
Logic Apps settings page
The menu bar
The header bar
The essentials section
The summary section
The Runs history section
Creating a new playbook
Using the Logic Apps Designer page
The Logic Apps Designer header bar
The Logic Apps Designer workflow editor section
Creating a simple Azure Sentinel playbook
Summary
Questions
Further reading
Chapter 12: ServiceNow Integration
Overview of Azure Sentinel alerts
Overview of IT Service Management (ITSM)
Logging in to ServiceNow
Creating a playbook to trigger a ticket in ServiceNow
Cloning an existing logic app
Modifying the playbook
Additional incident information
Adding dynamic content
Adding static content
Adding an expression
Summary
Questions
Further reading
Section 5: Operational Guidance
Chapter 13: Operational Tasks for Azure Sentinel
Dividing SOC duties
SOC engineers
SOC analysts
Operational tasks for SOC engineers
Daily tasks
Weekly tasks
Monthly tasks
Ad hoc tasks
Operational tasks for SOC analysts
Daily tasks
Weekly tasks
Monthly tasks
Ad hoc tasks
Summary
Questions
Chapter 14: Constant Learning and Community Contribution
Official resources from Microsoft
Official documentation
Tech community - blogs
Tech community - forum
Feature requests
LinkedIn groups
Other resources
Resources for SOC operations
MITRE ATT&CK® framework
National Institute of Standards for Technology (NIST)
Using GitHub
GitHub for Azure Sentinel
GitHub for community contribution
Specific components and supporting technologies
Kusto Query Language
Jupyter Notebook
Machine learning with Fusion
Azure Logic Apps
Summary
Assessments
Chapter 1
Chapter 2
Chapter 3
Chapter 4
Chapter 5
Chapter 6
Chapter 7
Chapter 8
Chapter 9
Chapter 10
Chapter 11
Chapter 12
Chapter 13
Other Books You May Enjoy
Index