Microsoft Azure Sentinel: Planning and Implementing Microsoft's Cloud-Native SIEM Solution

Diogenes, Yuri, Dicola, Nicholas, Trull, Jonathan

  • Publisher: Microsoft
  • Publication date: 2020-03-17
  • List price: $1,580
  • Member price: $1,501 (95% of list)
  • Language: English
  • Pages: 208
  • Binding: Quality Paper - also called trade paper
  • ISBN: 0136485456
  • ISBN-13: 9780136485452
  • Related category: Microsoft Azure


Product Description

Microsoft Azure Sentinel

Plan, deploy, and operate Azure Sentinel, Microsoft's advanced cloud-based SIEM

Microsoft's cloud-based Azure Sentinel helps you fully leverage advanced AI to automate threat identification and response -- without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Now, three of Microsoft's leading experts review all it can do, and guide you step-by-step through planning, deployment, and daily operations. Leveraging in-the-trenches experience supporting early customers, they cover everything from configuration to data ingestion, rule development to incident management... even proactive threat hunting to disrupt attacks before you're exploited.

Three of Microsoft's leading security operations experts show how to:

- Use Azure Sentinel to respond to today's fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture
- Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures
- Explore Azure Sentinel components, architecture, design considerations, and initial configuration
- Ingest alert log data from the services and endpoints you need to monitor
- Build and validate rules to analyze ingested data and create cases for investigation
- Prevent alert fatigue by projecting how many incidents each rule will generate
- Help Security Operations Centers (SOCs) seamlessly manage each incident's lifecycle
- Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you're exploited
- Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis
- Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)
- Save resources by automating responses to low-level events
- Create visualizations to spot trends, identify or clarify relationships, and speed decisions
- Integrate with partners and other third parties, including Fortinet, AWS, and Palo Alto

About the Authors

Yuri Diogenes, Senior Program Manager at Microsoft Cybersecurity Engineering's Cloud and Artificial Intelligence Division, works closely with Azure Sentinel and Azure Security Center. Also a Professor in EC-Council University's MS- and BS-level Cybersecurity programs, he holds an MS in Cybersecurity Intelligence & Forensics from Utica College, an MBA from FGF in Brazil, and several industry certifications. He is co-author of Microsoft Azure Security Center, Second Edition; Enterprise Mobility Suite: Managing BYOD and Company-Owned Devices; and other Microsoft Press books.
Nicholas DiCola is Principal Program Manager at Microsoft Cybersecurity Engineering's Cloud and Artificial Intelligence Division, where he assists customers in deploying advanced Microsoft Azure security systems. Before joining Microsoft in 2006, he was IT/Cyber Specialist on Active Duty in the U.S. Marine Corps. He was contributing author of Automating Active Directory Administration with PowerShell.
Jonathan Trull (CSSP, CISSP, CISA, OSCP) is Global Director for the Microsoft Cybersecurity Solutions Group. He leads Microsoft's team of security advisors and cloud security architects in providing strategic direction for Microsoft security offerings and engaging with customers and partners worldwide. His 20 years of information security experience include stints as VP and CISO for Optiv, as CISO for Qualys, and as CISO for the State of Colorado. As a faculty member in Regis University's information assurance graduate program, he develops and teaches courses on network forensics, security architecture and design, malware analysis, and legal concepts in information security.