Yuri Diogenes, MSC Master of science in cybersecurity intelligence and forensics investigation from UTICA College, currently working on his PhD in Cybersecurity Leadership from Capitol Technology University. Yuri has been working at Microsoft since 2006, and currently he is a Principal PM Manager for the CxE Microsoft Defender for Cloud Team. Yuri has published a total of 29 books, mostly around information security and Microsoft technologies. Yuri is also a Professor at EC-Council University where he teaches at the Bachelor in Cybersecurity Program. Yuri also has an MBA and many IT/Security industry certifications, such as CISSP, MITRE ATT&CK® Cyber Threat Intelligence Certified, E|CND, E|CEH, E|CSA, E|CHFI, CompTIA Security+, CySA+, Network+, CASP and CyberSec First Responder. You can follow Yuri on Twitter at @ yuridiogenes. Mark Simos is Lead Cybersecurity Architect for Microsoft where he leads the development of cybersecurity reference architectures, best practices, reference strategies, prescriptive roadmaps, CISO workshops, and other guidance to help organizations meet cybersecurity and digital transformation goals. Mark is co-host of the Azure Security Podcast and actively contributes to open standards and other publications such as the Zero Trust Commandments, The Open Group Zero Trust Core Principles, NIST Guide for Cybersecurity Event Recovery (800-184), NIST Guide to Enterprise Patch Management (800-40), Microsoft Digital Defense Report, and Microsoft Security blogs. Mark also co-chairs the Zero Trust Architecture (ZTA) working group at The Open Group and has presented numerous conferences including Black Hat USA, RSA Conference, Gartner Security & Risk Management, Microsoft BlueHat, Microsoft Ignite, and Financial Executives International. Sarah Young is a Senior Cloud Security Advocate at Microsoft and a CNCF Ambassador with over a decade of experience in security across Europe, the US and Asia. Sarah is an experienced public speaker and has presented on a range of IT security and technology topics at industry events and holds numerous industry qualifications including CISSP, CCSP, CISM and Azure Solutions Architect and has previously co-authored Microsoft Press technical books. She is also a co-host of the Azure Security Podcast. Sarah has also won the Security Champion award at the Australian Women in Security Awards. She is an active supporter of both local and international security and cloud native communities. You can follow Sarah on Twitter [...] although expect many dog pictures alongside security content. Gladys Rodriguez is Principal Cybersecurity Engineer with over 25 years in the Information Technology field. As part of the Mission Engineering team, Gladys has helped embed existing security capabilities within Microsoft developed products/services. She has also helped create new security functionality for customers to enable zero trust in their environment. Recently, Gladys has been involved in helping develop zero trust strategies for Operational Technology used in Critical Infrastructure with special focus in aerospace solutions. Gladys is co-host of the Azure Security Podcast for both English and Spanish version. She has also contributed to publications such as the Microsoft Zero Trust publications, NIST SP 800-207, Zero Trust Architecture, Microsoft Exam SC-100: Microsoft Cybersecurity Architect and others. Gladys also spends a lot of time mentoring and sharing her knowledge with others to help them get more involved in the cybersecurity space.

CHAPTER 1: Security challenges for SecOps

CHAPTER 2: Introduction to Microsoft Sentinel

CHAPTER 3: Analytics

CHAPTER 4: Incident management

CHAPTER 5: Hunting

CHAPTER 6: Notebooks

CHAPTER 7: Automating response

CHAPTER 8: Data visualization

CHAPTER 9: Data connectors

APPENDIX A: Introduction to Kusto Query Language

APPENDIX B: Microsoft Sentinel for managed security service providers