Marshall Copeland - Cloud Defense Strategies with Azure Sentinel: Hands-on Threat Hunting in Cloud Logs and Services

This Apress imprint is published by the registered company APress Media, LLC part of Springer Nature.

The registered company address is: 1 New York Plaza, New York, NY 10004, U.S.A.

The Microsoft Azure Sentinel engineering team has brought their best security work in Azure Sentinel, the cloud-native SIEM (Security Information and Event Management ). The need for the next-generation defense is to combat cybercriminals and nation states that continue to threaten human health, steal intellectual property, and terrorize businesses. Plain but certainly not simple, this is cyber war. Global cybercrime events continue to publicly remind governments, businesses, and security leaders that digital criminal efforts are ever-evolving, complex, and never-ending. Criminals in foreign countries are protected. Cyberwarfare from nation states is supported by an endless supply of resources and time.

This hands-on guidance in this book will provide you with a comprehensive understanding, enabling you, in minutes, to save money by integrating with data you already have and start defending your business today.

This book provides excellent guidance for security and IT team members who are responsible for security attack mitigation and respond to cybercriminal attacks.

A brief description of subject matter in each chapter:

Part I

Includes Chapters . You enable Azure Sentinel and begin allowing security data into your services, integrate other Azure security services with Azure Sentinel and each other, and learn how these services extend the layered data security.

Part II

Includes Chapters . You are provided guidance that includes security metrics, logs, and events based on limited data and not duplicate storage cost. Details about security threat intelligence (TI) providers and ingestion into Azure Sentinel and consideration for supporting Azure Sentinel for a global business using global Azure regions are also discussed.

Part III

Includes Chapters . Threat hunters with Azure built-in templates, automation (SOAR), and customized Kusto Query Language (KQL) queries for new threats, custom watch lists, and security defenses are discussed. There is an introduction to the MITRE organization and how it is supported in Azure Sentinel and daily, weekly, and monthly best practices for successful operations with Azure Sentinel.

Marshall Copeland would like to dedicate this book to the memory of Marshal (Mark) Edwin Hilley. His family, friends, and extended family of first responders are mourninghis passing after a battle with COVID-19. Mark Hilley was a Gulfport firefighter and Harrison County Fire Rescue Battalion Chief. District Chief Mark Hilley served morethan 20 years and was also a veteran of the U.S. Marine Corps. Mark Hilley is the epitome of a firefighters firefighter. He devoted his life to public service. Please keepMarks family in your prayers. Special acknowledgment to Brian OHara, a true security professional with great cyber defense insight. Thank you, Brian. Thank you to Shrikant Vishwakarma, Smriti Srivastava, and the Apress team for your dedication to this publication.