
Cloud-native security operations with Microsoft Sentinel

Offered By: Microsoft via Microsoft Learn

Tags: Windows Systems Administration, Data Visualization, Network Security, Security Information and Event Management (SIEM), Threat Detection, Incident Management, Threat Hunting, Microsoft Sentinel

Course Description

Overview

  • Module 1: Get familiar with Microsoft Sentinel, a cloud-native security information and event management (SIEM) service. By the end of this module, you will be able to:
    • Identify the various components and functionality of Microsoft Sentinel.
    • Identify use cases where Microsoft Sentinel would be a good solution.
  • Module 2: Learn how to deploy Microsoft Sentinel and connect the services you want to monitor, then use Azure and AI to analyze security alerts. After completing this module, you'll be able to:
    • Deploy Microsoft Sentinel.
    • Connect to the services you want to monitor.
    • Manage the log data collected by connectors.
  • Module 3: Threat detection with Microsoft Sentinel analytics. In this module, you will:
    • Explain the importance of Microsoft Sentinel Analytics.
    • Explain the different types of analytics rules.
    • Create rules from templates.
    • Create new analytics rules and queries using the analytics rule wizard.
    • Manage rules with modifications.
  • Module 4: Security incident management in Microsoft Sentinel. In this module, you will:
    • Understand Microsoft Sentinel incident management.
    • Explore Microsoft Sentinel evidence and entity management.
    • Investigate and manage incident resolution.
  • Module 5: Threat hunting with Microsoft Sentinel. In this module, you will:
    • Use queries to hunt for threats.
    • Save key findings with bookmarks.
    • Observe threats over time with livestream.
  • Module 6: An introduction to implementing threat response with Microsoft Sentinel playbooks. In this module, you will:
    • Explain Microsoft Sentinel SOAR capabilities.
    • Explore the Microsoft Sentinel Logic Apps connector.
    • Create a playbook to automate an incident response.
    • Run a playbook on demand in response to an incident.
  • Module 7: Query, visualize, and monitor data in Microsoft Sentinel. In this module, you will:
    • Visualize security data using Microsoft Sentinel Workbooks.
    • Understand how queries work.
    • Explore workbook capabilities.
    • Create a Microsoft Sentinel Workbook.

Syllabus

  • Module 1: Introduction to Microsoft Sentinel
    • Introduction
    • What is Microsoft Sentinel?
    • How Microsoft Sentinel works
    • When to use Microsoft Sentinel
    • Knowledge check
    • Summary
  • Module 2: Deploy Microsoft Sentinel and connect data sources
    • Introduction
    • Consider deployment options
    • Describe Microsoft Sentinel permissions and roles
    • Connect data sources
    • Consider data-connection methods
    • Manage logs
    • Knowledge check
    • Summary
  • Module 3: Threat detection with Microsoft Sentinel analytics
    • Introduction
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • What is Microsoft Sentinel Analytics?
    • Types of analytics rules
    • Create an analytics rule from templates
    • Create an analytics rule from wizard
    • Manage analytics rules
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • Summary
  • Module 4: Security incident management in Microsoft Sentinel
    • Introduction
    • Exercise setup
    • Describe incident management
    • Understand evidence and entities
    • Manage incidents
    • Exercise - Investigate an incident
    • Summary
  • Module 5: Threat hunting with Microsoft Sentinel
    • Introduction
    • Exercise setup
    • Explore creation and management of Microsoft Sentinel threat-hunting queries
    • Save key findings with bookmarks
    • Observe threats over time with livestream
    • Exercise - Hunt for threats by using Microsoft Sentinel
    • Summary
  • Module 6: Threat response with Microsoft Sentinel playbooks
    • Introduction
    • Exercise - Create a Microsoft Sentinel playbook
    • What are Microsoft Sentinel playbooks?
    • Trigger a playbook in real-time
    • Run playbooks on demand
    • Exercise - Create a Microsoft Sentinel playbook
    • Summary
  • Module 7: Query, visualize, and monitor data in Microsoft Sentinel
    • Introduction
    • Exercise - Query and visualize data with Microsoft Sentinel Workbooks
    • Monitor and visualize data
    • Query data using Kusto Query Language
    • Use default Microsoft Sentinel Workbooks
    • Create a new Microsoft Sentinel Workbook
    • Exercise - Visualize data using Microsoft Sentinel Workbooks
    • Summary

