Learn Azure Sentinel

Richard Diver, Gary Bushey

  • Publisher: Packt Publishing
  • Publication date: 2020-04-06
  • Price: $1,220
  • Member price: $1,159 (5% off)
  • Language: English
  • Pages: 404
  • Binding: Quality Paper (trade paperback)
  • ISBN: 183898092X
  • ISBN-13: 9781838980924
  • Category: Microsoft Azure
  • Ships immediately (stock: 1)


Product Description

Understand how to set up, configure, and use Azure Sentinel to provide security information and event management (SIEM) services for your environment

Key Features

  • Secure your network, infrastructure, data, and applications on Microsoft Azure effectively
  • Integrate artificial intelligence, threat analysis, and automation for optimal security solutions
  • Investigate possible security breaches and gather forensic evidence to prevent modern cyber threats

Book Description

Azure Sentinel (renamed Microsoft Sentinel in 2021) is a cloud-native Security Information and Event Management (SIEM) service developed by Microsoft that integrates cloud security and artificial intelligence (AI). Azure Sentinel not only helps clients identify security issues in their environment, but also uses automation to help resolve them. With this book, you’ll implement Azure Sentinel and understand how it can help find security incidents in your environment using integrated artificial intelligence, threat analysis, and built-in and community-driven detection logic.

This book starts with an introduction to Azure Sentinel and Log Analytics. You’ll get to grips with data collection and management, before learning how to create effective Azure Sentinel queries to detect anomalous behaviors and patterns of activity. As you make progress, you’ll understand how to develop solutions that automate the responses required to handle security incidents. Finally, you’ll grasp the latest developments in security, discover techniques to enhance your cloud security architecture, and explore how you can contribute to the security community.

By the end of this book, you’ll have learned how to implement Azure Sentinel to fit your needs and be able to protect your environment from cyber threats and other security issues.

What you will learn

  • Understand how to design and build a security operations center
  • Discover the key components of a cloud security architecture
  • Manage and investigate Azure Sentinel incidents
  • Use playbooks to automate incident responses
  • Understand how to set up Azure Monitor Log Analytics and Azure Sentinel
  • Ingest data into Azure Sentinel from the cloud and on-premises devices
  • Perform threat hunting in Azure Sentinel

Who this book is for

This book is for solution architects and system administrators who are responsible for implementing new solutions in their infrastructure. Security analysts who need to monitor and provide immediate security solutions or threat hunters looking to learn how to use Azure Sentinel to investigate possible security breaches and gather forensic evidence will also benefit from this book. Prior experience with cloud security, particularly Azure, is necessary.


About the Authors

Richard Diver has over 25 years' international experience in technology with a deep technical background in cloud security, identity management, and information security. He works at Insight as the lead for Cloud Security Architecture, working with top partners across the industry to deliver comprehensive cloud security solutions. Any spare time he gets is usually spent with his family.

Gary Bushey is an Azure security expert with over 25 years of IT experience. He got his start early on when he helped his fifth-grade math teacher with their programming homework and worked all one summer to be able to afford his first computer, a Commodore 64. When he sold his first program, an apartment management system, at 14 he was hooked. During his career, he has worked as a developer, consultant, trainer, and architect. When not spending time in front of a computer, you can find him hiking in the woods, taking pictures, or just picking a direction and finding out what is around the next corner.


Table of Contents

  1. Getting Started with Azure Sentinel
  2. Azure Monitor - Log Analytics
  3. Managing and Collecting Data
  4. Threat Intelligence Integration
  5. Using the Kusto Query Language (KQL)
  6. Creating Useful Queries
  7. Creating Analytic Rules
  8. Introduction to Using Workbooks
  9. Incident Management
  10. Hunting and Forensics Gathering
  11. Creating Playbooks and Logic Apps
  12. ServiceNow Integration
  13. Operational Tasks for Azure Sentinel
  14. Constant Learning and Community Contribution
