SC-200: Connect logs to Microsoft Sentinel

Offered By: Microsoft via Microsoft Learn

Tags

SC-200: Microsoft Security Operations Analyst Courses, Threat Intelligence Courses, Threat Detection Courses, Microsoft Sentinel Courses

Course Description

Overview

  • Module 1: Connect data to Microsoft Sentinel using data connectors. Upon completion of this module, the learner will be able to:
    • Explain the use of data connectors in Microsoft Sentinel
    • Describe the Microsoft Sentinel data connector providers
    • Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel
  • Module 2: Connect Microsoft services to Microsoft Sentinel. Upon completion of this module, the learner will be able to:
    • Connect Microsoft service connectors
    • Explain how connectors auto-create incidents in Microsoft Sentinel
  • Module 3: Connect Microsoft 365 Defender to Microsoft Sentinel. Upon completion of this module, the learner will be able to:
    • Activate the Microsoft 365 Defender connector in Microsoft Sentinel
    • Activate the Microsoft Defender for Endpoint connector in Microsoft Sentinel
    • Activate the Microsoft Defender for Office 365 connector in Microsoft Sentinel
  • Module 4: Connect Windows hosts to Microsoft Sentinel. Upon completion of this module, the learner will be able to:
    • Connect Azure Windows Virtual Machines to Microsoft Sentinel
    • Connect non-Azure Windows hosts to Microsoft Sentinel
    • Configure the Log Analytics agent to collect Sysmon events
  • Module 5: Connect Common Event Format logs to Microsoft Sentinel. Upon completion of this module, the learner will be able to:
    • Explain the Common Event Format connector deployment options in Microsoft Sentinel
    • Run the deployment script for the Common Event Format connector
  • Module 6: Connect syslog data sources to Microsoft Sentinel. Upon completion of this module, the learner will be able to:
    • Describe the Syslog connector deployment options in Microsoft Sentinel
    • Run the connector deployment script to send data to Microsoft Sentinel
    • Configure the Log Analytics agent integration for Microsoft Sentinel
    • Create a parser using KQL in Microsoft Sentinel
  • Module 7: Connect threat indicators to Microsoft Sentinel. Upon completion of this module, the learner will be able to:
    • Configure the TAXII connector in Microsoft Sentinel
    • Configure the Threat Intelligence Platform connector in Microsoft Sentinel
    • View threat indicators in Microsoft Sentinel

Syllabus

  • Module 1: Connect data to Microsoft Sentinel using data connectors
    • Introduction
    • Ingest log data with data connectors
    • Understand data connector providers
    • View connected hosts
    • Knowledge check
    • Summary and resources
  • Module 2: Connect Microsoft services to Microsoft Sentinel
    • Introduction
    • Plan for Microsoft services connectors
    • Connect the Microsoft Office 365 connector
    • Connect the Azure Active Directory connector
    • Connect the Azure Active Directory identity protection connector
    • Knowledge check
    • Summary and resources
  • Module 3: Connect Microsoft 365 Defender to Microsoft Sentinel
    • Introduction
    • Plan for Microsoft 365 Defender connectors
    • Connect alerts from Microsoft Defender for Office 365
    • Connect alerts from Microsoft Defender for Endpoint
    • Connect the Microsoft 365 Defender connector
    • Knowledge check
    • Summary and resources
  • Module 4: Connect Windows hosts to Microsoft Sentinel
    • Introduction
    • Plan for Windows hosts security events connector
    • Collect Sysmon event logs
    • Knowledge check
    • Summary and resources
  • Module 5: Connect Common Event Format logs to Microsoft Sentinel
    • Introduction
    • Plan for Common Event Format connector
    • Connect your external solution using the Common Event Format connector
    • Knowledge check
    • Summary and resources
  • Module 6: Connect syslog data sources to Microsoft Sentinel
    • Introduction
    • Plan for the syslog connector
    • Collect data from Linux-based sources using syslog
    • Configure the Log Analytics agent
    • Parse syslog data with KQL
    • Knowledge check
    • Summary and resources
  • Module 7: Connect threat indicators to Microsoft Sentinel
    • Introduction
    • Plan for threat intelligence connectors
    • Connect the threat intelligence TAXII connector
    • Connect the threat intelligence platforms connector
    • View your threat indicators with KQL
    • Knowledge check
    • Summary and resources