.svg)
.svg)
.svg)
Machine Learning Engineer
In this course, you will learn how to use these technologies to defend against cyber threats. In particular, you will configure and use Azure Sentinel and use Kusto Query Language (KQL) to detect, analyze and report. The course is designed for individuals working in a security operations job role and will help you prepare for the SC-200: Microsoft Security Operations Analyst exam.
Module 1: Defending against threats using Microsoft 365 Defender
Analyze threat data across domains and quickly remediate threats using the built-in orchestration and automation in Microsoft 365 Defender. Learn more about cybersecurity threats and how Microsoft's new threat protection tools protect your organization's users, devices and data. Use advanced identity-based threat detection and remediation to protect your Azure Active Directory identities and applications from attacks.
Lessons
- Introduction to threat protection with Microsoft 365
- Mitigating incidents with the help of Microsoft 365 Defender
- Minimize risks with Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Protect your identities with Azure AD Identity Protection
- Microsoft Defender for Cloud Apps
- Respond to alerts to prevent data loss using Microsoft 365
- Managing insider risk in Microsoft 365
Lab: Defense against threats with the help of Microsoft 365 Defender
- Explore Microsoft 365 Defender
Module 2: Defending against threats using Microsoft Defender for Endpoint
Deploy the Microsoft Defender for Endpoint platform to detect, investigate and respond to advanced threats. Learn how Microsoft Defender for Endpoint can improve your organization's security. Learn how to deploy the Microsoft Defender for Endpoint environment, including device onboarding and security configuration. Learn how to investigate incidents and alerts using Microsoft Defender for Endpoint. You will be able to perform an advanced threat scan and consult with threat experts. You will also learn how to configure automation in Microsoft Defender for Endpoint by managing environment settings. Finally, you will learn about the vulnerabilities of your environment through threat and vulnerability management in Microsoft Defender for Endpoint.
Lessons
- Protect against threats with Microsoft Defender for Endpoint
- Deploy Microsoft Defender for endpoint environment
- Implement Windows security enhancements
- Carrying out device inspections
- Performing actions on a device
- Carrying out evidence and entity investigations
- Configuring and managing automation
- Configuring warnings and detections
- Benefits of threat and security risk management
Lab: Defend against threats with Microsoft 365 Defender for Endpoint
- Deploy Microsoft Defender for Endpoint
- Mitigate attacks with Defender for Endpoint
Module 3: Defending against threats with Microsoft Defender for Cloud
Using Microsoft Defender for Cloud, for Azure, Hybrid Cloud and on-premises workload protection and on-premises security. Learn more about the purpose of Microsoft Defender for Cloud and how to enable it. Also learn more about the protection and detection capabilities provided by Microsoft Defender for Cloud for each cloud workload. Learn how to add Microsoft Defender for Cloud features to your hybrid environment.
Lessons
- Planning workload protection in the cloud with Microsoft Defender for Cloud
- Protect workloads with Microsoft Defender for Cloud
- Connecting Azure resources with Microsoft Defender for Cloud
- Connect non-Azure resources with Microsoft Defender for Cloud
- Fixing security alerts with Microsoft Defender for Cloud
Lab: Defending against threats with Microsoft Defender for Cloud
- Deploy Microsoft Defender for Cloud
- Mitigating attacks with Microsoft Defender for Cloud
Module 4: Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)
Write the KQL (Kusto Query Language) statements to query log data to perform detection, analysis and reporting in Microsoft Sentinel. This module focuses on the most commonly used operators. Security-related table queries are presented in the KQL sample instructions. KQL is the query language used to explore data to create analytics and workbooks and perform hunting operations in Microsoft Sentinel. Below you will find information on how to create complex statements using the basic KQL statement structure. Here you will learn how to summarize and visualize data in a KQL statement. This is the basis for creating detections in Microsoft Sentinel. Learn how to use the Kusto Query Language (KQL) to manipulate string data collected from log sources.
Lessons
- Creating KQL statements for Microsoft Sentinel
- Analyzing query results with the help of KQL
- Creating statements with multiple tables using KQL
- Working with string data using KQL statements
Lab: Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)
Module 5: Configuring your Microsoft Sentinel environment
Getting started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace. Setting up and configuring traditional SIEM (Security Information & Event Management) systems usually takes a lot of time. In addition, these systems are not necessarily designed for cloud workloads. Microsoft Sentinel allows you to quickly gain valuable security insights from your cloud and local data. This module will help you get started. Below you will find information on how to use the Microsoft Sentinel workspace architecture to configure your system to meet your organization's security requirements. As a Security Operations Analyst, you need to understand the tables, fields and data that are captured in your workspace. Learn how to query the most commonly used data tables in Microsoft Sentinel.
Lessons
- Introduction to Microsoft Sentinel
- Create and manage Microsoft Sentinel workspaces
- Querying logs in Microsoft Sentinel
- Using watchlists in Microsoft Sentinel
- Using threat intelligence in Microsoft Sentinel
Lab: Configuring your Microsoft Sentinel environment
Module 6: Connecting logs to Microsoft Sentinel
Connect data at cloud level with Microsoft Sentinel - across users, applications and infrastructures as well as locally and in multiple clouds. The data connectors provided by Microsoft Sentinel are primarily used to connect log data. This module provides an overview of the available data connectors. You will learn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft 365 Defender.
Lessons
- Connecting data with Microsoft Sentinel using data connectors
- Establishing a connection from Microsoft services with Microsoft Sentinel
- Connecting Microsoft 365 Defender with Microsoft Sentinel
- Connecting Windows hosts with Microsoft Sentinel
- Connecting Common Event Format logs with Microsoft Sentinel
- Connecting syslog data sources with Microsoft Sentinel
- Connecting threat indicators with Microsoft Sentinel
Lab: Connecting protocols with Microsoft Sentinel
- Connecting data with Microsoft Sentinel using data connectors
- Connecting Windows devices to Microsoft Sentinel via data connectors
- Connecting Linux hosts to Microsoft Sentinel via data connectors
- Connecting Threat Intelligence with Microsoft Sentinel via data connectors
Module 7: Creating detections and conducting investigations using Microsoft Sentinel
Detect previously undetected threats and quickly remediate threats with built-in orchestration and automation in Microsoft Sentinel. Learn how to respond to security threats with Microsoft Sentinel playbooks. You will look at incident management in Microsoft Sentinel, get information about events and entities in Microsoft Sentinel and learn ways to resolve incidents. You will also learn more about querying, visualizing and monitoring data in Microsoft Sentinel.
Lessons
- Threat detection with Microsoft Sentinel analyses
- Management of security incidents in Microsoft Sentinel
- Responding to threats with Microsoft Sentinel playbooks
- User and Entity Behavior Analytics in Microsoft Sentinel
- Query, visualize and monitor data in Microsoft Sentinel
Lab: Create detections and perform investigations using Microsoft Sentinel
- Activate a Microsoft security rule
- Creating a playbook
- Creating a planned query
- Understanding recognition modeling
- Carrying out attacks
- Creating recognitions
- Investigating incidents
- Creating workbooks
Module 8: Executing a threat scan in Microsoft Sentinel
In this module, you will learn how to proactively identify threat behaviors using Microsoft Sentinel queries. You will also learn how to use bookmarks and live streams to search for threats. You will also learn how to use notebooks in Microsoft Sentinel for advanced threat hunting.
Lessons
- Concepts for threat hunting in Microsoft Sentinel
- Threat hunting with Microsoft Sentinel
- Search for threats using notebooks in Microsoft Sentinel
Lab: Running a threat scan in Microsoft Sentinel
- Executing a threat scan in Microsoft Sentinel
- Threat hunting using notebooks with Microsoft Sentinel
- Defense against threats with Microsoft 365 Defender
- Defending against threats with Azure Defender for Cloud
- Defense against threats with Azure Sentinel
This intensive training prepares you for:
Exam: " SC-200: Microsoft Security Operations Analyst (beta) " for the
Certification: " Microsoft Certified: Security Operations Analyst Associate "
This course consists of training training and is led by a trainer who supervises the participants live. Theory and practice are taught with live demonstrations and practical exercises. The video conferencing software Zoom is used.
Microsoft Security Operations Analysts work with the organization's stakeholders to secure the organization's information technology systems. Their goal is to reduce enterprise risk by quickly remediating active attacks in the environment, advising on improvements to threat protection practices, and escalating violations of company policies to the appropriate stakeholders.
Responsibilities include threat management, monitoring, and responding to threats by deploying a variety of security solutions across the environment. The role primarily investigates, responds to and searches for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender and third party security products. As Security Operations Analysts utilize the operational output of these tools, they are also key stakeholders in the configuration and deployment of these technologies.
Requirements
- Basic understanding of Microsoft 365
- Basic understanding of Microsoft's security, compliance and identity products
- Intermediate understanding of Windows 10
- Familiarity with Azure services, especially Azure SQL Database and Azure Storage
- Familiarity with virtual machines and virtual networks in Azure
- Basic understanding of scripting concepts
The basic knowledge acquired in the following course is recommended:
- Microsoft Security, Compliance, and Identity Fundamentals
.svg)
