Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this SC-200 course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel and use Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course is designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products.
By actively participating in this course, you will learn about the following:
Explain how Microsoft Defender for Endpoint can remediate risks in your environment
Explain how the threat landscape is evolving
Conduct advanced hunting and manage incidents in Microsoft 365 Defender
Investigate DLP alerts in Microsoft Cloud App Security
Configure auto-provisioning in Azure Defender
Construct KQL statements
Manage an Azure Sentinel workspace
Configure Log Analytics agent to collect Sysmon events
Basic understanding of Microsoft 365 & scripting concepts and an intermediate understanding of Windows 10
Fundamental understanding of Microsoft security, compliance, and identity products
Familiarity with Azure virtual machines and virtual networking, Azure services, specifically Azure SQL Database and Azure Storage
Module 1: Mitigate threats using Microsoft Defender for Endpoint
Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats. Learn how Microsoft Defender for Endpoint can help your organization stay secure.
Protect against threats with Microsoft Defender for Endpoint
Deploy the Microsoft Defender for Endpoint environment
Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
Module 2: Mitigate threats using Microsoft 365 Defender
Analyse threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft 365 Defender.
Introduction to threat protection with Microsoft 365
Mitigate incidents using Microsoft 365 Defender
Protect your identities with Azure AD Identity Protection
Secure your cloud apps and services with Microsoft Cloud App Security
Module 3: Mitigate threats using Azure Defender
Use Azure Defender integrated with Azure Security Centre, for Azure, hybrid cloud, and on-premises workload protection and security.
Plan for cloud workload protections using Azure Defender
Explain cloud workload protections in Azure Defender
Remediate security alerts using Azure Defender
Module 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Azure Sentinel. This module focuses on the most commonly used operators. The example KQL statements showcase queries against security-related tables.
Work with data in Azure Sentinel using Kusto Query Language
Construct KQL statements for Azure Sentinel
Analyse query results using KQL
Build multi-table statements using KQL
Module 5: Configure your Azure Sentinel environment
Get started with Azure Sentinel by properly configuring the Azure Sentinel workspace. Traditional security information and event management (SIEM) systems typically take a long time to set up and configure. They're also not necessarily designed with cloud workloads in mind. Azure Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly.
Introduction to Azure Sentinel
Create and manage Azure Sentinel workspaces
Query logs in Azure Sentinel
Module 6: Connect logs to Azure Sentinel
Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Azure Sentinel.
Connect data to Azure Sentinel using data connectors
Connect Common Event Format logs to Azure Sentinel
Connect syslog data sources to Azure Sentinel
Module 7: Create detections and perform investigations using Azure Sentinel
Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Azure Sentinel.
Threat detection & response with Azure Sentinel analytics
Security incident management in Azure Sentinel
Query, visualize, and monitor data in Azure Sentinel
Module 8: Perform threat hunting in Azure Sentinel
In this module, you'll learn to proactively identify threat behaviours by using Azure Sentinel queries. You'll also learn to use bookmarks and livestream to hunt threats.
Threat hunting with Azure Sentinel
Hunt for threats using notebooks in Azure Sentinel
This course leads to the SC-200 Microsoft Security Operations Analyst exam, which earns you the Microsoft Certified: Security Operations Analyst Associate certification.
This training course provided by Skilltec is accredited through Global Knowledge Training Ltd. Global Knowledge Training Ltd are the authorised learning partner; all trademarks and partner statuses are provided through them.