Cloud-native security operations with Microsoft Sentinel

Microsoft Learn
Free Online Course
English
6-7 hours' worth of material
Self-paced

Overview

  • Module 1: Get familiar with Microsoft Sentinel, a cloud-native security information and event management (SIEM) service. By the end of this module, you will be able to:

    • Identify the various components and functionality of Microsoft Sentinel.
    • Identify use cases where Microsoft Sentinel would be a good solution.
  • Module 2: Learn how to deploy Microsoft Sentinel and connect the services you want to monitor. Then you can use Azure and AI to provide analysis of security alerts. After completing this module, you'll be able to:

    • Deploy Microsoft Sentinel.
    • Connect to the services you want to monitor.
    • Manage the log data collected by connectors.
  • Module 3: Threat detection with Microsoft Sentinel analytics. In this module, you will:

    • Explain the importance of Microsoft Sentinel Analytics.
    • Explain the different types of analytics rules.
    • Create rules from templates.
    • Create new analytics rules and queries using the analytics rule wizard.
    • Manage rules with modifications.
  • Module 4: Security incident management in Microsoft Sentinel. In this module, you will:

    • Understand Microsoft Sentinel incident management.
    • Explore Microsoft Sentinel evidence and entity management.
    • Investigate and manage incident resolution.
  • Module 5: Threat hunting with Microsoft Sentinel. In this module, you will:

    • Use queries to hunt for threats.
    • Save key findings with bookmarks.
    • Observe threats over time with livestream.
  • Module 6: An introduction to implementing threat response with Microsoft Sentinel playbooks. In this module, you will:

    • Explain Microsoft Sentinel SOAR capabilities.
    • Explore the Microsoft Sentinel Logic Apps connector.
    • Create a playbook to automate an incident response.
    • Run a playbook on demand in response to an incident.
  • Module 7: Learn how to query, visualize, and monitor data in Microsoft Sentinel. In this module, you will:

    • Visualize security data using Microsoft Sentinel Workbooks.
    • Understand how queries work.
    • Explore workbook capabilities.
    • Create a Microsoft Sentinel Workbook.

Syllabus

  • Module 1: Introduction to Microsoft Sentinel
    • Introduction
    • What is Microsoft Sentinel?
    • How Microsoft Sentinel works
    • When to use Microsoft Sentinel
    • Knowledge check
    • Summary
  • Module 2: Deploy Microsoft Sentinel and connect data sources
    • Introduction
    • Consider deployment options
    • Describe Microsoft Sentinel permissions and roles
    • Connect data sources
    • Consider data-connection methods
    • Manage logs
    • Knowledge check
    • Summary
  • Module 3: Threat detection with Microsoft Sentinel analytics
    • Introduction
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • What is Microsoft Sentinel Analytics?
    • Types of analytics rules
    • Create an analytics rule from templates
    • Create an analytics rule from wizard
    • Manage analytics rules
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • Summary
  • Module 4: Security incident management in Microsoft Sentinel
    • Introduction
    • Exercise setup
    • Describe incident management
    • Understand evidence and entities
    • Manage incidents
    • Exercise - Investigate an incident
    • Summary
  • Module 5: Threat hunting with Microsoft Sentinel
    • Introduction
    • Exercise setup
    • Explore creation and management of Microsoft Sentinel threat-hunting queries
    • Save key findings with bookmarks
    • Observe threats over time with livestream
    • Exercise - Hunt for threats by using Microsoft Sentinel
    • Summary
  • Module 6: Threat response with Microsoft Sentinel playbooks
    • Introduction
    • Exercise - Create a Microsoft Sentinel playbook
    • What are Microsoft Sentinel playbooks?
    • Trigger a playbook in real-time
    • Run playbooks on demand
    • Exercise - Create a Microsoft Sentinel playbook
    • Summary
  • Module 7: Query, visualize, and monitor data in Microsoft Sentinel
    • Introduction
    • Exercise - Query and visualize data with Microsoft Sentinel Workbooks
    • Monitor and visualize data
    • Query data using Kusto Query Language
    • Use default Microsoft Sentinel Workbooks
    • Create a new Microsoft Sentinel Workbook
    • Exercise - Visualize data using Microsoft Sentinel Workbooks
    • Summary