Learn Azure Sentinel
Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you'll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic. This book starts with an introduction to Azure Sentinel and Log Analytics. You'll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you'll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you'll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you'll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
Table of Contents (156 chapters)
- Cover
- Learn Azure Sentinel
- Learn Azure Sentinel
- Why subscribe?
- Foreword
- Contributors
- About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Section 1: Design and Implementation
- Chapter 1: Getting Started with Azure Sentinel
- The current cloud security landscape
- The cloud security reference framework
- SOC platform components
- Mapping the SOC architecture
- Security solution integrations
- Cloud platform integrations
- Private infrastructure integrations
- Service pricing for Azure Sentinel
- Scenario mapping
- Summary
- Questions
- Further reading
- Chapter 2: Azure Monitor – Log Analytics
- Technical requirements
- Introduction to Azure Monitor Log Analytics
- Managing the permissions of the workspace
- Enabling Azure Sentinel
- Exploring the Azure Sentinel Overview page
- Advanced settings for Log Analytics
- Summary
- Questions
- Further reading
- Section 2: Data Connectors Management and Queries
- Chapter 3: Managing and Collecting Data
- Choosing data that matters
- Understanding connectors
- Configuring Azure Sentinel connectors
- Configuring Log Analytics storage options
- Summary
- Questions
- Further reading
- Chapter 4: Integrating Threat Intelligence
- Introduction to TI
- Understanding STIX and TAXII
- Choosing the right intel feeds for your needs
- Implementing TI connectors
- Summary
- Questions
- Further reading
- Chapter 5: Using the Kusto Query Language (KQL)
- Running KQL queries
- Introduction to KQL commands
- Summary
- Questions
- Further reading
- Chapter 6: Azure Sentinel Logs and Writing Queries
- An introduction to the Azure Sentinel Logs page
- Navigating through the Logs page
- Writing a query
- Summary
- Questions
- Further reading
- Section 3: Security Threat Hunting
- Chapter 7: Creating Analytic Rules
- An introduction to Azure Sentinel Analytics
- Creating an analytic rule
- Managing analytic rules
- Summary
- Questions
- Further reading
- Chapter 8: Introducing Workbooks
- An overview of the Workbooks page
- Walking through an existing workbook
- Creating workbooks
- Editing a workbook
- Managing workbooks
- Workbook step types
- Summary
- Questions
- Further reading
- Chapter 9: Incident Management
- Using the Azure Sentinel Incidents page
- Exploring the full details page
- Investigating an incident
- Summary
- Questions
- Further reading
- Chapter 10: Threat Hunting in Azure Sentinel
- Introducing the Azure Sentinel Hunting page
- Working with Azure Sentinel Hunting queries
- Working with Livestream
- Working with bookmarks
- Using Azure Sentinel Notebooks
- Performing a hunt
- Summary
- Questions
- Further reading
- Section 4: Integration and Automation
- Chapter 11: Creating Playbooks and Logic Apps
- Introduction to Azure Sentinel playbooks
- Playbook pricing
- Overview of the Azure Sentinel connector
- Exploring the Playbooks page
- Logic Apps settings page
- Creating a new playbook
- Using the Logic Apps Designer page
- Creating a simple Azure Sentinel playbook
- Summary
- Questions
- Further reading
- Chapter 12: ServiceNow Integration
- Overview of Azure Sentinel alerts
- Overview of IT Service Management (ITSM)
- Logging in to ServiceNow
- Creating a playbook to trigger a ticket in ServiceNow
- Summary
- Questions
- Further reading
- Section 5: Operational Guidance
- Chapter 13: Operational Tasks for Azure Sentinel
- Dividing SOC duties
- Operational tasks for SOC engineers
- Operational tasks for SOC analysts
- Summary
- Questions
- Chapter 14: Constant Learning and Community Contribution
- Official resources from Microsoft
- Resources for SOC operations
- Using GitHub
- Specific components and supporting technologies
- Summary
- Assessments
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
- Chapter 12
- Chapter 13
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-30 15:08:47
Recommended reading
- RESTful Java Web Services Security
- API Security in Action
- Learning Python for Forensics
- Research on Cybersecurity Assurance Capability
- Rootkits and Bootkits: Reversing Modern Malware and Next Generation Threats
- Cyberspace Security: A Reader for Managers
- Kali Linux Network Scanning Cookbook (Second Edition)
- Network Security Design, Configuration and Management: The Complete Guide
- Defensive Security Handbook
- Huawei Firewall Practical Guide
- Security and Trust Analysis and Control of Network User Behavior
- Game Theory and Data Security
- Mastering Kali Linux for Advanced Penetration Testing (Fourth Edition)
- Building a Digital Banking Security System
- Cloud Computing Security: Key Technologies, Principles and Applications
- Securing Network Infrastructure
- Privacy-Preserving Machine Learning
- Malware, Rootkits and Botnets
- ATT&CK Framework Practical Guide (Second Edition)
- Learning the TCP/IP Protocol Suite through Practice
- 0day Security
- Web Application Vulnerability Scanners: Principles and Applications
- Web Penetration Testing from Beginner to Expert (Micro-course Edition)
- Interpreting the General Security Requirements for Critical Network Equipment
- Schneier's Security Advice
- The Little Hacker's Path
- Hacking Attack and Defense from Beginner to Master (Social Engineering Volume)
- AWS Certified Security: Specialty Exam Guide
- Responsive Security: Building an Enterprise Information Security System
- Game Systems Theory: Predicting and Managing Hacker Behavior