In this course, you will learn how to use these technologies to defend against cyber threats. In particular, you will configure and use Azure Sentinel and use Kusto Query Language (KQL) to detect, analyze and report. The course is designed for individuals working in a security operations job role and will help you prepare for the SC-200: Microsoft Security Operations Analyst exam.
Module 1: Defending against threats using Microsoft 365 Defender
Analyze threat data across domains and quickly remediate threats using the built-in orchestration and automation in Microsoft 365 Defender. Learn more about cybersecurity threats and how Microsoft's new threat protection tools protect your organization's users, devices and data. Use advanced identity-based threat detection and remediation to protect your Azure Active Directory identities and applications from attacks.
Lessons
Lab: Defending against threats using Microsoft 365 Defender
Module 2: Defending against threats using Microsoft Defender for Endpoint
Deploy the Microsoft Defender for Endpoint platform to detect, investigate and respond to advanced threats. Learn how Microsoft Defender for Endpoint can improve your organization's security. Learn how to deploy the Microsoft Defender for Endpoint environment, including device onboarding and security configuration. Learn how to investigate incidents and alerts using Microsoft Defender for Endpoint. You will be able to perform advanced hunting and consult threat experts. You will also learn how to configure automation in Microsoft Defender for Endpoint by managing environment settings. Finally, you will learn about the vulnerabilities in your environment through threat and vulnerability management in Microsoft Defender for Endpoint.
Lessons
Lab: Defending against threats using Microsoft Defender for Endpoint
Module 3: Defending against threats with Microsoft Defender for Cloud
Use Microsoft Defender for Cloud to protect Azure, hybrid-cloud and on-premises workloads. Learn about the purpose of Microsoft Defender for Cloud and how to enable it. Also learn about the protection and detection capabilities Microsoft Defender for Cloud provides for each cloud workload. Learn how to extend Microsoft Defender for Cloud features to your hybrid environment.
Lessons
Lab: Defending against threats with Microsoft Defender for Cloud
Module 4: Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)
Write KQL (Kusto Query Language) statements to query log data for detection, analysis and reporting in Microsoft Sentinel. This module focuses on the most commonly used operators; the KQL sample statements present queries against security-related tables. KQL is the query language used to explore data, create analytics and workbooks, and perform hunting operations in Microsoft Sentinel. You will learn how to build complex statements from the basic KQL statement structure, and how to summarize and visualize data in a KQL statement, which is the basis for creating detections in Microsoft Sentinel. You will also learn how to use KQL to manipulate string data collected from log sources.
Lessons
Lab: Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)
Module 5: Configuring your Microsoft Sentinel environment
Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace. Setting up and configuring traditional SIEM (Security Information & Event Management) systems usually takes a lot of time, and these systems are not necessarily designed for cloud workloads. Microsoft Sentinel lets you quickly gain valuable security insights from your cloud and on-premises data. This module will help you get started. You will learn how to use the Microsoft Sentinel workspace architecture to configure your system to meet your organization's security requirements. As a Security Operations Analyst, you need to understand the tables, fields and data that are captured in your workspace. Learn how to query the most commonly used data tables in Microsoft Sentinel.
Lessons
Lab: Configuring your Microsoft Sentinel environment
Module 6: Connecting logs to Microsoft Sentinel
Connect data at cloud scale to Microsoft Sentinel across users, applications and infrastructure, both on-premises and in multiple clouds. Log data is connected primarily through the data connectors provided by Microsoft Sentinel. This module provides an overview of the available data connectors, including the configuration options and the data provided by the Microsoft Sentinel connectors for Microsoft 365 Defender.
Lessons
Lab: Connecting logs to Microsoft Sentinel
Module 7: Creating detections and conducting investigations using Microsoft Sentinel
Detect previously undetected threats and quickly remediate threats with built-in orchestration and automation in Microsoft Sentinel. Learn how to respond to security threats with Microsoft Sentinel playbooks. You will look at incident management in Microsoft Sentinel, get information about events and entities in Microsoft Sentinel and learn ways to resolve incidents. You will also learn more about querying, visualizing and monitoring data in Microsoft Sentinel.
Lessons
Lab: Creating detections and conducting investigations using Microsoft Sentinel
Module 8: Threat hunting in Microsoft Sentinel
In this module, you will learn how to proactively identify threat behaviors using Microsoft Sentinel queries, how to use bookmarks and livestream to hunt for threats, and how to use notebooks in Microsoft Sentinel for advanced threat hunting.
Lessons
Lab: Threat hunting in Microsoft Sentinel
This intensive training prepares you for:
Exam: "SC-200: Microsoft Security Operations Analyst (beta)" for the
Certification: "Microsoft Certified: Security Operations Analyst Associate"
This course is delivered as trainer-led training in which the trainer supervises the participants live. Theory and practice are taught with live demonstrations and hands-on exercises. The video conferencing software Zoom is used.
Microsoft Security Operations Analysts work with the organization's stakeholders to secure the organization's information technology systems. Their goal is to reduce enterprise risk by quickly remediating active attacks in the environment, advising on improvements to threat protection practices, and escalating violations of company policies to the appropriate stakeholders.
Responsibilities include threat management, monitoring, and responding to threats by using a variety of security solutions across the environment. The role primarily investigates, responds to and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender and third-party security products. Because Security Operations Analysts consume the operational output of these tools, they are also key stakeholders in the configuration and deployment of these technologies.
Requirements
The basic knowledge acquired in the following course is recommended:
This training is conducted in cooperation with the authorized training organization Digicomp Academy AG.
For the purpose of conducting the training, participants' data will be transmitted to Digicomp Academy AG and processed there under its own responsibility.
Please take note of the corresponding privacy policy.