
SC-200: Create detections and perform investigations using Microsoft Sentinel

Offered By: Microsoft via Microsoft Learn

Tags: SC-200: Microsoft Security Operations Analyst, Data Visualization, Cybersecurity, Network Security, Incident Response, Threat Detection, Microsoft Sentinel

Course Description

Overview

  • Module 1: Threat detection with Microsoft Sentinel analytics. In this module, you will:
    • Explain the importance of Microsoft Sentinel Analytics.
    • Explain the different types of analytics rules.
    • Create rules from templates.
    • Create new analytics rules and queries using the analytics rule wizard.
    • Manage rules with modifications.
  • Module 2: Threat response with Microsoft Sentinel playbooks. In this module, you will:
    • Explain Microsoft Sentinel SOAR capabilities.
    • Explore the Microsoft Sentinel Logic Apps connector.
    • Create a playbook to automate an incident response.
    • Run a playbook on demand in response to an incident.
  • Module 3: Security incident management in Microsoft Sentinel. In this module, you will:
    • Understand Microsoft Sentinel incident management.
    • Explore Microsoft Sentinel evidence and entity management.
    • Investigate and manage incident resolution.
  • Module 4: Identify threats with User and Entity Behavior Analytics in Microsoft Sentinel. Upon completion of this module, you will be able to:
    • Explain User and Entity Behavior Analytics in Microsoft Sentinel.
    • Explore entities in Microsoft Sentinel.
  • Module 5: Query, visualize, and monitor data in Microsoft Sentinel. In this module, you will:
    • Visualize security data using Microsoft Sentinel Workbooks.
    • Understand how queries work.
    • Explore workbook capabilities.
    • Create a Microsoft Sentinel Workbook.

Syllabus

  • Module 1: Threat detection with Microsoft Sentinel analytics
    • Introduction
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • What is Microsoft Sentinel Analytics?
    • Types of analytics rules
    • Create an analytics rule from templates
    • Create an analytics rule from wizard
    • Manage analytics rules
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • Summary
  • Module 2: Threat response with Microsoft Sentinel playbooks
    • Introduction
    • Exercise - Create a Microsoft Sentinel playbook
    • What are Microsoft Sentinel playbooks?
    • Trigger a playbook in real-time
    • Run playbooks on demand
    • Exercise - Create a Microsoft Sentinel playbook
    • Summary
  • Module 3: Security incident management in Microsoft Sentinel
    • Introduction
    • Exercise setup
    • Describe incident management
    • Understand evidence and entities
    • Manage incidents
    • Exercise - Investigate an incident
    • Summary
  • Module 4: Identify threats with User and Entity Behavior Analytics in Microsoft Sentinel
    • Introduction
    • Understand user and entity behavior analytics
    • Explore entities
    • Display entity behavior information
    • Knowledge check
    • Summary and resources
  • Module 5: Query, visualize, and monitor data in Microsoft Sentinel
    • Introduction
    • Exercise - Query and visualize data with Microsoft Sentinel Workbooks
    • Monitor and visualize data
    • Query data using Kusto Query Language
    • Use default Microsoft Sentinel Workbooks
    • Create a new Microsoft Sentinel Workbook
    • Exercise - Visualize data using Microsoft Sentinel Workbooks
    • Summary
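Module 1 builds analytics rules in the rule wizard and Module 5 writes Kusto Query Language (KQL) queries for workbooks; both are done in the Sentinel portal, so the course pages above carry no query text. The following is an added example of the kind of scheduled analytics rule query a learner ends up writing in that wizard. It is not part of the Microsoft Learn course material. It assumes the SigninLogs table populated by the Microsoft Entra ID data connector (the standard Sentinel schema, in which ResultType "0" is a successful sign-in); the lookback window and failure threshold are arbitrary values chosen for illustration.

```kql
// Added example (not course material): scheduled analytics rule query.
// Detects a burst of failed sign-ins from one source IP followed by a
// successful sign-in from the same IP later in the lookback window,
// the classic password-spray-then-success pattern.
// Assumes the SigninLogs table from the Microsoft Entra ID connector.
let lookback = 1h;            // match the rule's "Lookup data from the last" setting
let failureThreshold = 10;    // illustrative value; tune per tenant
let failedSignins = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                  // any non-zero ResultType is a failure
    | summarize FailedCount = count(),
                TargetedAccounts = make_set(UserPrincipalName, 20),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated)
      by IPAddress
    | where FailedCount >= failureThreshold;
let successfulSignins = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress, UserPrincipalName, AppDisplayName;
failedSignins
| join kind=inner successfulSignins on IPAddress
| where SuccessTime > LastFailure              // the success must follow the failure burst
| project IPAddress, FailedCount, TargetedAccounts, FirstFailure, LastFailure,
          SuccessTime, CompromisedAccount = UserPrincipalName, AppDisplayName
```

In the analytics rule wizard this query goes in the rule logic step with the query schedule set to run every hour over the last hour (so the schedule matches the `lookback` value); map `IPAddress` to the IP entity (Address) and `CompromisedAccount` to the Account entity (FullName) so the resulting incident carries investigable entities, and group alerts by IP so one spraying host produces one incident. Two caveats a practitioner should keep in mind: SigninLogs holds interactive sign-ins only, so non-interactive authentication lands in a separate table and is not covered by this rule, and a single non-zero ResultType lumps together distinct failure reasons (bad password, locked account, MFA denied), so a production rule usually filters to the specific codes that indicate credential guessing.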

