I'm a student
I'm an educator
Request full copy

Microsoft Azure Sentinel: Planning and implementing Microsoft's cloud-native SIEM solution, 2nd edition

Published by Microsoft Press (August 19, 2022) © 2023

  • Yuri Diogenes
  • Nicholas DiCola
  • Tiander Turpijn

eTextbook

$37.99

  • Available for purchase from all major ebook resellers, including InformIT.com.
  • To request a review copy, click on the "Request a Review Copy" button.
$31.99

  • A print text (hardcover or paperback) 
  • Free shipping
  • Also available for purchase as an ebook from all major ebook resellers, including InformIT.com

Microsoft Sentinel is a scalable, cloud-native, security information and event management (SIEM) and security orchestration, automation, and response (SOAR) solution that helps to automate threat identification and response―without the complexity and scalability challenges of traditional Security Information and Event Management (SIEM) solutions. Three of Microsoft's leading experts review all it can do, and guide you step by step through planning, deployment, and daily operations. The second edition of this book brings the latest updates in the product and new use case scenarios for investigation, hunting, automation, and orchestration.

·     Use Microsoft Sentinel to respond to today's fast-evolving cybersecurity environment, and leverage the benefits of its cloud-native architecture

·     Review threat intelligence essentials: attacker motivations, potential targets, and tactics, techniques, and procedures

·     Explore Microsoft Sentinel components, architecture, design considerations, and initial configuration

·     Ingest alert log data from services and endpoints you need to monitor

·     Build and validate rules to analyze ingested data and create cases for investigation

·     Prevent alert fatigue by projecting how many incidents each rule will generate

·     Help Security Operation Centers (SOCs) seamlessly manage each incident's lifecycle

·     Move towards proactive threat hunting: identify sophisticated threat behaviors and disrupt cyber kill chains before you're exploited

·     Do more with data: use programmable Jupyter notebooks and their libraries for machine learning, visualization, and data analysis

·     Use Playbooks to perform Security Orchestration, Automation and Response (SOAR)

·     Save resources by automating responses to low-level events

·     Create visualizations to spot trends, identify or clarify relationships, and speed decisions

·     Integrate with partners solutions

This new edition will revisit the best practices for designing and deploying Microsoft Sentinel at scale and how to connect to different data sources.

CHAPTER 1: Security challenges for SecOps

CHAPTER 2: Introduction to Microsoft Sentinel

CHAPTER 3: Analytics

CHAPTER 4: Incident management

CHAPTER 5: Hunting

CHAPTER 6: Notebooks

CHAPTER 7: Automating response

CHAPTER 8: Data visualization

CHAPTER 9: Data connectors

APPENDIX A: Introduction to Kusto Query Language

APPENDIX B: Microsoft Sentinel for managed security service providers

Yuri Diogenes, MsC holds a Master of Science in cybersecurity intelligence and forensics investigation from UTICA College and is currently working on his Ph.D. in cybersecurity leadership from Capitol Technology University. Yuri has been working at Microsoft since 2006 and currently is a principal program manager for the CxE Microsoft Defender for Cloud Team. Yuri has published a total of 26 books, mostly about information security and Microsoft technologies. Yuri is also a professor at EC-Council University, where he teaches in the Bachelor of Cybersecurity Program. Yuri is an MBA and holds many IT/Security industry certifications, such as CISSP, MITRE ATT&CK® Cyber Threat Intelligence Certified, E|CND, E|CEH, E|CSA, E|CHFI, CompTIA Security+, CySA+, Network+, CASP, and CyberSec First Responder. You can follow Yuri on Twitter at @yuridiogenes.

Nicholas DiCola is the Vice President of Customers at Zero Networks, where he leads the customer engineering team that helps customers with pilots and deployments of Zero Networks products. He has a Master of Business Administration with a concentration in information systems. He holds various industry certifications, such as CISSP and CEH. You can follow Nicholas on Twitter at @mastersecjedi.

Tiander Turpijn is a principal program manager for Microsoft Sentinel. He joined Microsoft in 1998 and fulfilled multiple roles, from senior escalation support engineer, senior management & security consultant, and architect to a datacenter architecture role. Tiander has a computer science degree and various industry certifications, such as CISSP and CEH. You can follow Tiander on Twitter at @tianderturpijn.

Need help? Get in touch

Video
Play
Privacy and cookies
By watching, you agree Pearson can share your viewership data for marketing and analytics for one year, revocable by deleting your cookies.

Video transcript (PDF | 16KB) 

Pearson eTextbook: What’s on the inside just might surprise you

They say you can’t judge a book by its cover. It’s the same with your students. Meet each one right where they are with an engaging, interactive, personalized learning experience that goes beyond the textbook to fit any schedule, any budget, and any lifestyle. 

Digital Learning NOW

Extend your professional development and meet your students where they are with free weekly Digital Learning NOW webinars. Attend live, watch on-demand, or listen at your leisure to expand your teaching strategies. Earn digital professional development badges for attending a live session.

Explore webinars