COURSE OBJECTIVE:
Not available. Please contact.
TARGET AUDIENCE:
Not available. Please contact.
COURSE PREREQUISITES:
• Fundamental understanding of Microsoft Azure
• Basic understanding of Microsoft Sentinel
• Experience using Kusto Query Language (KQL) in Microsoft Sentinel
COURSE CONTENT:
Module 1: Create and manage Microsoft Sentinel workspaces
Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
• Introduction
• Plan for the Microsoft Sentinel workspace
• Create a Microsoft Sentinel workspace
• Manage workspaces across tenants using Azure Lighthouse
• Understand Microsoft Sentinel permissions and roles
• Manage Microsoft Sentinel settings
• Configure logs
• Knowledge check
• Summary and resources
Module 2: Connect Microsoft services to Microsoft Sentinel
Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.
• Introduction
• Plan for Microsoft services connectors
• Connect the Microsoft Office 365 connector
• Connect the Microsoft Entra connector
• Connect the Microsoft Entra ID Protection connector
• Connect the Azure Activity connector
• Knowledge check
• Summary and resources
Module 3: Connect Windows hosts to Microsoft Sentinel
One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.
• Introduction
• Plan for Windows hosts security events connector
• Connect using the Windows Security Events via AMA Connector
• Connect using the Security Events via Legacy Agent Connector
• Collect Sysmon event logs
• Knowledge check
• Summary and resources
Module 4: Threat detection with Microsoft Sentinel analytics
In this module, you'll learn how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.
• Introduction
• Exercise – Detect threats with Microsoft Sentinel analytics
• What is Microsoft Sentinel Analytics?
• Types of analytics rules
• Create an analytics rule from templates
• Create an analytics rule from wizard
• Manage analytics rules
• Exercise – Detect threats with Microsoft Sentinel analytics
• Summary
Module 5: Automation in Microsoft Sentinel
By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automate incident management.
• Introduction
• Understand automation options
• Create automation rules
• Knowledge check
• Summary and resources
Module 6: Configure SIEM security operations using Microsoft Sentinel
In this module, you'll learn how to configure SIEM security operations using Microsoft Sentinel.
• Introduction
• Exercise – Configure SIEM operations using Microsoft Sentinel
• Exercise – Install Microsoft Sentinel Content Hub solutions and data connectors
• Exercise – Configure a data connector Data Collection Rule
• Exercise – Perform a simulated attack to validate the Analytic and Automation rules
• Summary
FOLLOW ON COURSES:
Not available. Please contact.