Cloud Defense Strategies with Azure Sentinel: Hands-On Threat Hunting in Cloud Logs and Services (Paperback)

Part I (page count 100)

Goals: Introduction to Azure Sentinel es with technical featurthat benefit the business.  Initial configuration using Azure subscription data connectors, discuss 3rd party integration and alignment with other Azure Security Services. XDR introduction, why it is an industry standard and how to use it in Sentinel.

Sub-Topics

1.      Overview of Technical Features

2.      Benefit and cost support for the business, initial configuration

3.      Azure Defender support into Azure Sentinel

4.      Azure Security Center support into Azure Sentinel

Chapter 1 Azure Sentinel Overview

Platform benefits, SOC security reference, alignment to Cyber framework, Log Analytics planning, cost structure

Azure Monitor, Azure Security Center, Azure Defender, working together to support Azure Sentinel

Integration with Azure Security standards, protection for additional Azure workloads, guidance for XDR and how it should be used to modernize security operations.

Goals: Deployment best practices, platform integration and support for AWS

1.       Enable integration with 3^rd party security appliances

3.      Multi-Azure Tenant deployment best practices

Chapter 4 Data Connection

Single Tenant: Data connectors native, Log Analytics storage options, 3^rd party data, KQL validation processes, AWS connection, Service NOW integration

Chapter 5 Threat Intelligence (TI)

TI connectors and feeds, Sentinel Workbooks introduction, Sentinel Notebook usage, Python integration

Challenges and cost of Azure log analytics workspace, KQL modification requirements, SOC alignment needed

Goals: Improve Cyber Security Threat Hunting Techniques

1.      Threat Hunting with KQL Language deep dive with examples

2.      Integration with MITRE attack Matrix and support for TAXII

3.      Data flow examples: User logon, track and validate. Stop network connection to China, etc.

4.      Configuration changes needed for multiple Sentinel deployments

Chapter 7 Threat Hunting with Azure Sentinel

KQL Hunting introduction, custom queries, Sentinel bookmarks, Sentinel notebooks

Chapter 8 Introduction to MITRE Matrix

MITRE Attack Matrix overview and usage, STIX defined, TAXII defined, free TI -vs- service SLA

Chapter 9 Azure Sentinel Operations

Daily, Weekly, Monthly tasks, SOC engineer alignment, Continued SOC operations support from official Microsoft supported forum

Chapter Goal: Where to gain additional knowledge for Azure Sentinel

No of pages: 20

Sub - Topics:

1.      Guidance to continue Azure Sentinel skill improvement

2.      Relating information to Cyber Security standards