Learn how to implement and administer Azure Sentinel, a cloud-native security event and information management (SEIM) system that detects threats while automating threat responses.
Overview
Syllabus
Introduction
- Need a central point of analysis for security events?
- What you should know
- Lab setup
- Sentinel feature flyover
- Onboarding Microsoft Sentinel
- Kusto query language quickstart
- Connecting Microsoft services
- Connecting external services
- Integrating threat intelligence
- Detecting threats
- Investigating incidents
- Responding to threats using automation
- Security orchestration, automation, and response (SOAR)
- UEBA and machine learning
- Threat hunting basics
- Hunting with bookmarks
- Hunting with notebooks
- Workbooks and dashboards
- Integrating with Microsoft Defender and Purview
- Next steps
Taught by
Pete Zerger
Related Courses
-
Cloud-native security operations with Microsoft Sentinel
-
Configure SIEM Security Operation using Microsoft Sentinel
-
Configure SIEM security operations using Microsoft Sentinel
-
SC-200: Create detections and perform investigations using Microsoft Sentinel
-
SC-200: Perform threat hunting in Microsoft Sentinel
-
Cybersecurity Solutions and Microsoft Defender
