Configure SIEM security operations using Microsoft Sentinel

Offered By: Microsoft via Microsoft Learn

Tags

Microsoft Sentinel Courses, Cybersecurity Courses, Cloud Security Courses, Threat Detection Courses

Course Description

Overview

  • Module 1: Create and manage Microsoft Sentinel workspaces

    Upon completion of this module, the learner will be able to:

    • Describe Microsoft Sentinel workspace architecture
    • Install Microsoft Sentinel workspace
    • Manage a Microsoft Sentinel workspace
  • Module 2: Connect Microsoft services to Microsoft Sentinel

    Upon completion of this module, the learner will be able to:

    • Connect Microsoft service connectors
    • Explain how connectors auto-create incidents in Microsoft Sentinel
  • Module 3: Connect Windows hosts to Microsoft Sentinel

    Upon completion of this module, the learner will be able to:

    • Connect Azure Windows Virtual Machines to Microsoft Sentinel
    • Connect non-Azure Windows hosts to Microsoft Sentinel
    • Configure Log Analytics agent to collect Sysmon events
  • Module 4: Threat detection with Microsoft Sentinel analytics

    In this module, you will:

    • Explain the importance of Microsoft Sentinel Analytics.
    • Explain different types of analytics rules.
    • Create rules from templates.
    • Create new analytics rules and queries using the analytics rule wizard.
    • Manage rules with modifications.
  • Module 5: Provide an introduction to implementing threat response with Microsoft Sentinel playbooks.

    In this module, you will:

    • Explain Microsoft Sentinel SOAR capabilities.
    • Explore the Microsoft Sentinel Logic Apps connector.
    • Create a playbook to automate an incident response.
    • Run a playbook on demand in response to an incident.
  • Module 6: Configure security information and event management (SIEM) security operations using Microsoft Sentinel.

    Upon completion of this module, the learner will be able to:

    • Create and configure a Microsoft Sentinel workspace
    • Deploy Microsoft Sentinel Content Hub solutions and data connectors
    • Configure Microsoft Sentinel Data Collection rules, NRT Analytic rule and Automation
    • Perform a simulated attack to validate Analytic and Automation rules

Syllabus

  • Module 1: Create and manage Microsoft Sentinel workspaces
    • Introduction
    • Plan for the Microsoft Sentinel workspace
    • Create a Microsoft Sentinel workspace
    • Manage workspaces across tenants using Azure Lighthouse
    • Understand Microsoft Sentinel permissions and roles
    • Manage Microsoft Sentinel settings
    • Configure logs
    • Knowledge check
    • Summary and resources
  • Module 2: Connect Microsoft services to Microsoft Sentinel
    • Introduction
    • Plan for Microsoft services connectors
    • Connect the Microsoft Office 365 connector
    • Connect the Microsoft Entra connector
    • Connect the Microsoft Entra ID Protection connector
    • Connect the Azure Activity connector
    • Knowledge check
    • Summary and resources
  • Module 3: Connect Windows hosts to Microsoft Sentinel
    • Introduction
    • Plan for Windows hosts security events connector
    • Connect using the Windows Security Events via AMA Connector
    • Connect using the Security Events via Legacy Agent Connector
    • Collect Sysmon event logs
    • Knowledge check
    • Summary and resources
  • Module 4: Threat detection with Microsoft Sentinel analytics
    • Introduction
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • What is Microsoft Sentinel Analytics?
    • Types of analytics rules
    • Create an analytics rule from templates
    • Create an analytics rule from wizard
    • Manage analytics rules
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • Summary
  • Module 5: Threat response with Microsoft Sentinel playbooks
    • Introduction
    • Exercise - Create a Microsoft Sentinel playbook
    • What are Microsoft Sentinel playbooks?
    • Trigger a playbook in real-time
    • Run playbooks on demand
    • Exercise - Create a Microsoft Sentinel playbook
    • Summary
  • Module 6: Configure SIEM security operations using Microsoft Sentinel
    • Introduction
    • Exercise - Configure SIEM operations using Microsoft Sentinel
    • Exercise - Install Microsoft Sentinel Content Hub solutions and data connectors
    • Exercise - Configure a data connector Data Collection Rule
    • Exercise - Perform a simulated attack to validate the Analytic and Automation rules
    • Summary
