YoVDO

SC-200: Create detections and perform investigations using Microsoft Sentinel

Offered By: Microsoft via Microsoft Learn

Tags

SC-200: Microsoft Security Operations Analyst Courses Data Visualization Courses Cybersecurity Courses Network Security Courses Incident Response Courses Threat Detection Courses Microsoft Sentinel Courses

Course Description

Overview

  • Module 1: Threat detection with Microsoft Sentinel analytics

    • In this module, you will:

    • Explain the importance of Microsoft Sentinel Analytics.
    • Explain different types of analytics rules.
    • Create rules from templates.
    • Create new analytics rules and queries using the analytics rule wizard.
    • Manage rules with modifications.
  • Module 2: Provide an introduction to implementing threat response with Microsoft Sentinel playbooks.

    • In this module you will:

    • Explain Microsoft Sentinel SOAR capabilities.
    • Explore the Microsoft Sentinel Logic Apps connector.
    • Create a playbook to automate an incident response.
    • Run a playbook on demand in response to an incident.
  • Module 3: Security incident management in Microsoft Sentinel

    • In this module, you will:

    • Understand Microsoft Sentinel incident management
    • Explore Microsoft Sentinel evidence and entity management
    • Investigate and manage incident resolution
  • Module 4: Identify threats with User and Entity Behavior Analytics in Microsoft Sentinel

    • Upon completion of this module, the learner will be able to:

    • Explain User and Entity Behavior Analytics in Azure Sentinel
    • Explore entities in Microsoft Sentinel
  • Module 5: Describe how to query, visualize, and monitor data in Microsoft Sentinel.

    • In this module you will:

    • Visualize security data using Microsoft Sentinel Workbooks.
    • Understand how queries work.
    • Explore workbook capabilities.
    • Create a Microsoft Sentinel Workbook.

Syllabus

  • Module 1: Threat detection with Microsoft Sentinel analytics
    • Introduction
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • What is Microsoft Sentinel Analytics?
    • Types of analytics rules
    • Create an analytics rule from templates
    • Create an analytics rule from wizard
    • Manage analytics rules
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • Summary
  • Module 2: Threat response with Microsoft Sentinel playbooks
    • Introduction
    • Exercise - Create a Microsoft Sentinel playbook
    • What are Microsoft Sentinel playbooks?
    • Trigger a playbook in real-time
    • Run playbooks on demand
    • Exercise - Create a Microsoft Sentinel playbook
    • Summary
  • Module 3: Security incident management in Microsoft Sentinel
    • Introduction
    • Exercise setup
    • Describe incident management
    • Understand evidence and entities
    • Manage incidents
    • Exercise - Investigate an incident
    • Summary
  • Module 4: Identify threats with User and Entity Behavior Analytics in Microsoft Sentinel
    • Introduction
    • Understand user and entity behavior analytics
    • Explore entities
    • Display entity behavior information
    • Knowledge check
    • Summary and resources
  • Module 5: Query, visualize, and monitor data in Microsoft Sentinel
    • Introduction
    • Exercise - Query and visualize data with Microsoft Sentinel Workbooks
    • Monitor and visualize data
    • Query data using Kusto Query Language
    • Use default Microsoft Sentinel Workbooks
    • Create a new Microsoft Sentinel Workbook
    • Exercise - Visualize data using Microsoft Sentinel Workbooks
    • Summary

Tags

Related Courses

Intro to Statistics
Stanford University via Udacity Introduction to Data Science
University of Washington via Coursera Passion Driven Statistics
Wesleyan University via Coursera Information Visualization
Indiana University via Independent DCO042 - Python For Informatics
University of Michigan via Independent