Microsoft Azure Sentinel
Planning and implementing Microsoft's cloud-native SIEM solution
Yuri Diogenes
Nicholas DiCola
Jonathan Trull
Published with the authorization of Microsoft Corporation by:
Pearson Education, Inc.
Copyright 2020 by Pearson Education, Inc.
All rights reserved. This publication is protected by copyright, and permission must be obtained from the publisher prior to any prohibited reproduction, storage in a retrieval system, or transmission in any form or by any means, electronic, mechanical, photocopying, recording, or likewise. For information regarding permissions, request forms, and the appropriate contacts within the Pearson Education Global Rights & Permissions Department, please visit www.pearson.com/permissions/. No patent liability is assumed with respect to the use of the information contained herein. Although every precaution has been taken in the preparation of this book, the publisher and author assume no responsibility for errors or omissions. Nor is any liability assumed for damages resulting from the use of the information contained herein.
ISBN-13: 978-0-13-648545-2
ISBN-10: 0-13-648545-6
Library of Congress Control Number: 2019957613
TRADEMARKS
Microsoft and the trademarks listed at http://www.microsoft.com on the Trademarks webpage are trademarks of the Microsoft group of companies. All other marks are property of their respective owners.
WARNING AND DISCLAIMER
Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information provided is on an "as is" basis. The author(s), the publisher, and Microsoft Corporation shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book.
SPECIAL SALES
For information about buying this title in bulk quantities, or for special sales opportunities (which may include electronic versions; custom cover designs; and content particular to your business, training goals, marketing focus, or branding interests), please contact our corporate sales department at or (800) 382-3419.
For government sales inquiries, please contact .
For questions about sales outside the U.S., please contact .
CREDITS
EDITOR-IN-CHIEF
Brett Bartow
EXECUTIVE EDITOR
Loretta Yates
DEVELOPMENT EDITOR
Rick Kughen
MANAGING EDITOR
Sandra Schroeder
SENIOR PROJECT EDITOR
Tracey Croom
COPY EDITOR
Rick Kughen
INDEXER
Valerie Perry
PROOFREADER
Vanessa Ta
TECHNICAL EDITOR
Maarten Goet
ASSISTANT SPONSORING EDITOR
Charvi Arora
EDITORIAL ASSISTANT
Cindy Teeters
COVER DESIGNER
Twist Creative, Seattle
COMPOSITOR
Happenstance Type-O-Rama
Acknowledgments
The authors would like to thank Loretta Yates and the entire Microsoft Press/Pearson team for their support in this project, Ann Johnson for writing the foreword, and also the Azure Sentinel Engineering Team (Eliav Levi, Ofer Shezaf, Koby Koren, Raz Herzberg, Mor Shabi, Laura Machado de Wright, Ben Nick, Julian Gonzalez, and Itay Argoety). Thanks to Ian Hellen for the great work writing . We would also like to thank Maarten Goet (Microsoft MVP) for reviewing this book and thanks to Mike Kassis for writing the Appendix about Kusto Query Language (KQL).
Yuri would also like to thank: my wife and daughters for their endless support; my great God for giving me strength and guiding my path on each step of the way; my co-authors and friends Nicholas DiCola and Jonathan Trull for such great partnership throughout this project. Thanks to my parents for working hard to give me an education, which is the foundation I use every day to keep moving forward in my career. Last, but certainly not least, the entire Azure Sentinel community that keeps inspiring us with great content.
Nicholas would also like to thank: my wife and three children for supporting me while working on this book; my co-authors and friends Yuri Diogenes and Jonathan Trull for their hard work on this book. I would also like to thank our Azure Sentinel Engineering team technical reviewers for their support on the book.
Jonathan would also like to thank: God, who is my ultimate teacher and guide; my wife and daughters for their love, encouragement, and endless support; my parents for providing me with the time and resources to pursue my dreams; my extended family for always believing in me; and my co-authors and comrades Yuri Diogenes and Nicholas DiCola. Finally, thanks to Microsoft, the Cybersecurity Solutions Group, and the countless teachers, professors, colleagues, and friends who have taught, counseled, and mentored me over the years.
About the Authors
Yuri Diogenes, MsC
Master of Science in cybersecurity intelligence and forensics investigation (Utica College), Yuri is a Senior Program Manager in the Microsoft CxE Security Team, where he primarily helps customers onboard and deploy Azure Security Center and Azure Sentinel. Yuri has been working for Microsoft since 2006 in different positions, including five years as a senior support escalation engineer in the CSS Forefront Edge Team, and from 2011 to 2017 in the content development team, where he also helped create the Azure Security Center content experience since its launch in 2016. Yuri has published a total of 22 books, mostly around information security and Microsoft technologies. Yuri also holds an MBA and many IT/Security industry certifications, such as CISSP, E|CND, E|CEH, E|CSA, E|CHFI, CompTIA Security+, CySA+, Cloud Essentials Certified, Mobility+, Network+, CASP, CyberSec First Responder, MCSE, and MCTS. You can follow Yuri on Twitter at @yuridiogenes.
Nicholas DiCola
Nicholas is a Principal Group PM Manager at Microsoft on the Security Customer Experience Engineering (CxE) team, where he leads the Azure Security Get-To-Production team that helps customers with deployments of Azure Security products. He has a Master of Business Administration with a concentration in Information Systems and various industry certifications such as CISSP and CEH. You can follow Nicholas on Twitter at @mastersecjedi.
Jonathan Trull
Jonathan is Microsoft's Chief Security Strategist. He provides strategic direction on the development of Microsoft products and services and leads a team of security, compliance, and identity advisors who help customers secure their digital transformation initiatives. Jonathan is a seasoned security executive who formerly served as the CISO for the State of Colorado and several commercial organizations. He is active in the security community, helps lead the Cloud Security Alliance's cloud controls matrix working group, and is a coach for Carnegie Mellon University's CISO Executive Program. You can follow Jonathan on Twitter at @jonathantrull or via LinkedIn at https://www.linkedin.com/in/jonathantrull/.
Foreword
Security is, at its core, a big data problem. Businesses and government entities are producing terabytes of security-relevant log data every day, and the volumes continue to increase. This data growth is driven by the digitization of business processes and an explosion in the number of intelligent devices being used to power our physical world. Security teams are charged with making sense of this data and spotting the signs of an active attack so that they can respond appropriately.