an icon showing a delivery van Shulph delivers to United Kingdom.
Book cover for Microsoft Sentinel in Action, a book by Richard Diver, Gary Bushey, John Perkins Book cover for Microsoft Sentinel in Action, a book by Richard Diver, Gary Bushey, John Perkins

Microsoft Sentinel in Action

Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions
2022 ᛫


Powered by RoundRead®
This book leverages Shulph’s RoundRead system - buy the book once and read it on both physical book and on up to 5 of your personal devices. With RoundRead, you’re 4 times more likely to read this book cover-to-cover and up to 3 times faster.
Book £ 33.99
Book + eBook £ 40.79
eBook Only £ 24.88
Add to Read List


Instant access to ebook. Print book delivers in 5 - 20 working days.

Summary


Learn how to set up, configure, and use Microsoft Sentinel to provide security incident and event management services for your multi-cloud environment

Key Features

  • Collect, normalize, and analyze security information from multiple data sources
  • Integrate AI, machine learning, built-in and custom threat analyses, and automation to build optimal security solutions
  • Detect and investigate possible security breaches to tackle complex and advanced cyber threats

Book Description

Microsoft Sentinel is a security information and event management (SIEM) tool developed by Microsoft that helps you integrate cloud security and artificial intelligence (AI). This book will teach you how to implement Microsoft Sentinel and understand how it can help detect security incidents in your environment with integrated AI, threat analysis, and built-in and community-driven logic.

The first part of this book will introduce you to Microsoft Sentinel and Log Analytics, then move on to understanding data collection and management, as well as how to create effective Microsoft Sentinel queries to detect anomalous behaviors and activity patterns. The next part will focus on useful features, such as entity behavior analytics and Microsoft Sentinel playbooks, along with exploring the new bi-directional connector for ServiceNow. In the next part, you'll be learning how to develop solutions that automate responses needed to handle security incidents and find out more about the latest developments in security, techniques to enhance your cloud security architecture, and explore how you can contribute to the security community.

By the end of this book, you'll have learned how to implement Microsoft Sentinel to fit your needs and protect your environment from cyber threats and other security issues.

What you will learn

  • Implement Log Analytics and enable Microsoft Sentinel and data ingestion from multiple sources
  • Tackle Kusto Query Language (KQL) coding
  • Discover how to carry out threat hunting activities in Microsoft Sentinel
  • Connect Microsoft Sentinel to ServiceNow for automated ticketing
  • Find out how to detect threats and create automated responses for immediate resolution
  • Use triggers and actions with Microsoft Sentinel playbooks to perform automations

Who this book is for

You'll get the most out of this book if you have a good grasp on other Microsoft security products and Azure, and are now looking to expand your knowledge to incorporate Microsoft Sentinel. Security experts who use an alternative SIEM tool and want to adopt Microsoft Sentinel as an additional or a replacement service will also find this book useful.

About the authors



Richard Diver - Richard Diver is a senior technical business strategy manager for the Microsoft Security Solutions group, focused on developing security partners. Based in Chicago, Richard works with advanced security and compliance partners to help them build solutions across the entire Microsoft platform, including Microsoft Sentinel, Microsoft Defender, Microsoft 365 security solutions, and many more. Prior to Microsoft, Richard worked in multiple industries and for several Microsoft partners to architect and implement cloud security solutions for a wide variety of customers around the world. Any spare time he gets is usually spent with his family.

Gary Bushey - Gary Bushey is an Azure security expert with over 25 years of IT experience. He got his start early on when he helped his fifth-grade math teacher with their programming homework and worked all one summer to be able to afford his first computer, a Commodore 64. When he sold his first program, an apartment management system, at 14 he was hooked. During his career, he has worked as a developer, consultant, trainer, and architect. When not spending time in front of a computer, you can find him hiking in the woods, taking pictures, or just picking a direction and finding out what is around the next corner.

John Perkins - John Perkins is the founder and principal of Threat Angler, a cybersecurity service provider that specializes in managed services, professional services, and training with a focus on delivering cybersecurity outcomes to customers of all shapes and sizes. John has over 20 years of experience in cybersecurity and has contributed to nearly all cybersecurity disciplines during his career. He has experience with numerous applications, including Microsoft Sentinel, and has designed, built, and led managed security services for several large service providers. In his free time, John enjoys spending time with his family, traveling, and staying active.