Learn Azure Sentinel : integrate Azure security with artificial intelligence to build secure cloud systems / Richard Diver and Gary Bushey ; foreword by Jason S. Rader.
ISBN:
9781839216633
Title:
Learn Azure Sentinel : integrate Azure security with artificial intelligence to build secure cloud systems / Richard Diver and Gary Bushey ; foreword by Jason S. Rader.
Author:
Diver, Richard, author.
Physical Description:
1 online resource (1 volume) : illustrations
Contents:
Cover -- Copyright -- Why subscribe? -- Foreword -- Contributors -- About the authors -- About the reviewers -- Packt is searching for authors like you -- Table Of Contents -- Preface -- Who this book is for -- What this book covers -- To get the most out of this book -- Download the color images -- Conventions used -- Get in touch -- Reviews -- Section 1: Design and Implementation -- Chapter 1: Getting Started with Azure Sentinel -- The current cloud security landscape -- Cloud security reference framework -- SOC platform components -- Mapping the SOC architecture -- Log management and data sources -- Operations platforms -- Threat intelligence and threat hunting -- SOC mapping summary -- Security solution integrations -- Cloud platform integrations -- Integrating with AWS -- Integrating with Google Cloud Platform (GCP) -- Integrating with Microsoft Azure -- Private infrastructure integrations -- Service pricing for Azure Sentinel -- Scenario mapping -- Step 1 -- Define the new scenarios -- Step 2 -- Explain the purpose -- Step 3 -- The kill-chain stage -- Step 4 -- Which solution will do detection? -- Step 5 -- What actions will occur instantly? -- Step 6 -- Severity and output -- Step 7 -- What action should the analyst take? -- Summary -- Questions -- Further reading -- Chapter 2: Azure Monitor - Log Analytics -- Technical requirements -- Introduction to Azure Monitor Log Analytics -- Planning a workspace -- Creating a workspace using the portal -- Creating a workspace using PowerShell or the CLI -- Exploring the Overview page -- Managing the permissions of the workspace -- Enabling Azure Sentinel -- Exploring the Azure Sentinel Overview page -- The header bar -- The summary bar -- The Events and alerts over time section -- The Recent incidents section -- The Data source anomalies section -- The Potential malicious events section -- The Democratize ML for your SecOps section -- Connecting your first data source -- Obtaining information from Azure virtual machines -- Advanced settings for Log Analytics -- Connected Sources -- The Data option -- Computer Groups -- Summary -- Questions -- Further reading -- Section 2: Data Connectors, Management, and Queries -- Chapter 3: Managing and Collecting Data -- Choosing data that matters -- Understanding connectors -- Native connections - service to service -- Direct connections - service to service -- API connections -- Agent-based -- Configuring Azure Sentinel connectors -- Configuring Log Analytics storage options -- Calculating the cost of data ingestion and retention -- Reviewing alternative storage options -- Questions -- Further reading -- Chapter 4: Integrating Threat Intelligence -- Introduction to TI -- Understanding STIX and TAXII -- Choosing the right intel feeds for your needs -- Implementing TI connectors -- Enabling the data connector -- Registering an app in Azure AD -- Configuring the MineMeld threat intelligence feed
Local Note:
eBooks on EBSCOhost
Format:
Electronic Resources
Publication Date:
2020
Publication Information:
Birmingham, UK : Packt Publishing, 2020.