Description
Overview
This class offers a comprehensive exploration of Microsoft Sentinel, equipping participants with the skills to configure and manage SIEM security operations effectively. Participants will gain in-depth knowledge of creating and managing Microsoft Sentinel workspaces, connecting various Microsoft services and Windows hosts, and leveraging Sentinel analytics for threat detection. The course emphasizes practical skills through hands-on exercises, ensuring that attendees can apply their learning directly to real-world scenarios.
By the end of this course, learners will be proficient in automating incident management using Sentinel and configuring SIEM security operations to enhance their organization's security posture. This training is ideal for those looking to enhance their cybersecurity expertise and ensure robust security operations.
Audience Profile
This course is designed for IT professionals, security analysts, and system administrators who have a fundamental understanding of Microsoft Azure and Microsoft Sentinel. It is particularly beneficial for those responsible for managing and enhancing their organization's security operations and seeking to leverage Microsoft Sentinel for advanced threat detection and incident response.
Prerequisites
Fundamental understanding of Microsoft Azure
Basic understanding of Microsoft Sentinel
Experience using Kusto Query Language (KQL) in Microsoft Sentinel
COURSE OUTLINE
Module 1: Create and manage Microsoft Sentinel workspaces
Plan for the Microsoft Sentinel workspace
Create a Microsoft Sentinel workspace
Manage workspaces across tenants using Azure Lighthouse
Understand Microsoft Sentinel permissions and roles
Manage Microsoft Sentinel settings
Configure logs
Module 2: Connect Microsoft services to Microsoft Sentinel
Plan for Microsoft services connectors
Connect the Microsoft Office 365 connector
Connect the Microsoft Entra connector
Connect the Microsoft Entra ID Protection connector
Connect the Azure Activity connector
Module 3: Connect Windows hosts to Microsoft Sentinel
Plan for the Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs
Module 4: Threat detection with Microsoft Sentinel analytics
Exercise - Detect threats with Microsoft Sentinel analytics
What is Microsoft Sentinel Analytics?
Types of analytics rules
Create an analytics rule from templates
Create an analytics rule from wizard
Manage analytics rules
Exercise - Detect threats with Microsoft Sentinel analytics
Module 5: Automation in Microsoft Sentinel
Understand automation options
Create automation rules
Module 6: Configure SIEM security operations using Microsoft Sentinel
Exercise - Configure SIEM operations using Microsoft Sentinel
Exercise - Install Microsoft Sentinel Content Hub solutions and data connectors
Exercise - Configure a data connector Data Collection Rule
Exercise - Perform a simulated attack to validate the Analytic and Automation rules