Planning and implementing Microsoft Sentinel (SIEM & SOAR)
Course Description
This 3-day hands-on course helps you get ramped up with Microsoft Sentinel and provides hands-on practical experience with product features, capabilities, and scenarios.
During the course you will deploy a Microsoft Sentinel workspace and ingest pre-recorded data to simulate scenarios that showcase various Microsoft Sentinel features.
3 Days
Contact us for pricing
Audience Profile
This course is aimed at IT professionals and Azure administrators who have some experience administering and configuring Azure, but want to gain an insight into implementing Microsoft's SIEM/SOAR solution, Microsoft Sentinel.
Course Outline
Overview of Microsoft Sentinel
  Overview of Microsoft Sentinel
  Data ingestion methods
  Microsoft Sentinel for MSSPs
  User and Entity Behaviour Analytics
  Fusion
  Notebooks
  Management & Automation Tools
  Logs & Costs
KQL
  Importance of KQL across Azure
  The User Interface (demo)
  The standard KQL structure
  Common KQL commands
Data Connectors
  Manage content in Microsoft Sentinel
  Connect data to Microsoft Sentinel using data connectors
  Connect Microsoft services to Microsoft Sentinel
  Connect Microsoft 365 Defender to Microsoft Sentinel
  Connect Windows hosts to Microsoft Sentinel
  Connect Common Event Format logs to Microsoft Sentinel
  Connect syslog data sources to Microsoft Sentinel
  Connect threat indicators to Microsoft Sentinel
Analytics Rules
  Threat detection with Microsoft Sentinel analytics
  Automation in Microsoft Sentinel
  Threat response with Microsoft Sentinel playbooks
Incident Management
  Incident management overview
  User and Entity Behaviour Analytics
  Data normalization in Microsoft Sentinel
  Query, visualize, and monitor data
Hunting
  Threat hunting concepts
  Threat hunting with Microsoft Sentinel
  Use Search jobs in Microsoft Sentinel
  Hunt for threats using notebooks
Watchlists
  Prioritize incidents
  Import business data
  Reduce alert fatigue
  Enrich event data
Threat Intelligence
  Threat Intelligence overview
  Threat Intelligence in Microsoft Sentinel