Learn Azure Sentinel
Azure Sentinel is a Security Information and Event Management (SIEM) tool developed by Microsoft to integrate cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve these issues. With this book, you’ll implement Azure Sentinel and understand how it can help find security incidents in your environment with integrated artificial intelligence, threat analysis, and built-in and community-driven logic. This book starts with an introduction to Azure Sentinel and Log Analytics. You’ll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you’ll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you’ll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community. By the end of this book, you’ll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.
Table of contents (156 chapters)
- Cover
- Learn Azure Sentinel
- Learn Azure Sentinel
- Why subscribe?
- Foreword
- Contributors
- About the authors
- About the reviewers
- Packt is searching for authors like you
- Preface
- Who this book is for
- What this book covers
- To get the most out of this book
- Download the color images
- Conventions used
- Get in touch
- Reviews
- Section 1: Design and Implementation
- Chapter 1: Getting Started with Azure Sentinel
- The current cloud security landscape
- The cloud security reference framework
- SOC platform components
- Mapping the SOC architecture
- Security solution integrations
- Cloud platform integrations
- Private infrastructure integrations
- Service pricing for Azure Sentinel
- Scenario mapping
- Summary
- Questions
- Further reading
- Chapter 2: Azure Monitor – Log Analytics
- Technical requirements
- Introduction to Azure Monitor Log Analytics
- Managing the permissions of the workspace
- Enabling Azure Sentinel
- Exploring the Azure Sentinel Overview page
- Advanced settings for Log Analytics
- Summary
- Questions
- Further reading
- Section 2: Data Connectors Management and Queries
- Chapter 3: Managing and Collecting Data
- Choosing data that matters
- Understanding connectors
- Configuring Azure Sentinel connectors
- Configuring Log Analytics storage options
- Summary
- Questions
- Further reading
- Chapter 4: Integrating Threat Intelligence
- Introduction to TI
- Understanding STIX and TAXII
- Choosing the right intel feeds for your needs
- Implementing TI connectors
- Summary
- Questions
- Further reading
- Chapter 5: Using the Kusto Query Language (KQL)
- Running KQL queries
- Introduction to KQL commands
- Summary
- Questions
- Further reading
- Chapter 6: Azure Sentinel Logs and Writing Queries
- An introduction to the Azure Sentinel Logs page
- Navigating through the Logs page
- Writing a query
- Summary
- Questions
- Further reading
- Section 3: Security Threat Hunting
- Chapter 7: Creating Analytic Rules
- An introduction to Azure Sentinel Analytics
- Creating an analytic rule
- Managing analytic rules
- Summary
- Questions
- Further reading
- Chapter 8: Introducing Workbooks
- An overview of the Workbooks page
- Walking through an existing workbook
- Creating workbooks
- Editing a workbook
- Managing workbooks
- Workbook step types
- Summary
- Questions
- Further reading
- Chapter 9: Incident Management
- Using the Azure Sentinel Incidents page
- Exploring the full details page
- Investigating an incident
- Summary
- Questions
- Further reading
- Chapter 10: Threat Hunting in Azure Sentinel
- Introducing the Azure Sentinel Hunting page
- Working with Azure Sentinel Hunting queries
- Working with Livestream
- Working with bookmarks
- Using Azure Sentinel Notebooks
- Performing a hunt
- Summary
- Questions
- Further reading
- Section 4: Integration and Automation
- Chapter 11: Creating Playbooks and Logic Apps
- Introduction to Azure Sentinel playbooks
- Playbook pricing
- Overview of the Azure Sentinel connector
- Exploring the Playbooks page
- Logic Apps settings page
- Creating a new playbook
- Using the Logic Apps Designer page
- Creating a simple Azure Sentinel playbook
- Summary
- Questions
- Further reading
- Chapter 12: ServiceNow Integration
- Overview of Azure Sentinel alerts
- Overview of IT Service Management (ITSM)
- Logging in to ServiceNow
- Creating a playbook to trigger a ticket in ServiceNow
- Summary
- Questions
- Further reading
- Section 5: Operational Guidance
- Chapter 13: Operational Tasks for Azure Sentinel
- Dividing SOC duties
- Operational tasks for SOC engineers
- Operational tasks for SOC analysts
- Summary
- Questions
- Chapter 14: Constant Learning and Community Contribution
- Official resources from Microsoft
- Resources for SOC operations
- Using GitHub
- Specific components and supporting technologies
- Summary
- Assessments
- Chapter 1
- Chapter 2
- Chapter 3
- Chapter 4
- Chapter 5
- Chapter 6
- Chapter 7
- Chapter 8
- Chapter 9
- Chapter 10
- Chapter 11
- Chapter 12
- Chapter 13
- Other Books You May Enjoy
- Leave a review - let other readers know what you think

Updated: 2021-06-30 15:08:47