- Module 1: Get familiar with Microsoft Sentinel, a cloud-native security information and event management (SIEM) service.
  - Identify the components and functionality of Microsoft Sentinel.
  - Identify use cases where Microsoft Sentinel would be a good solution.
- Module 2: Learn how to deploy Microsoft Sentinel and connect the services you want to monitor, then use Azure's built-in analytics and AI to analyze the security alerts they produce.
  - Deploy Microsoft Sentinel.
  - Connect to the services you want to monitor.
  - Manage the log data collected by connectors.
- Module 3: Detect threats with Microsoft Sentinel analytics.
  - Explain the importance of Microsoft Sentinel analytics.
  - Explain the different types of analytics rules.
  - Create rules from templates.
  - Create new analytics rules and queries using the analytics rule wizard.
  - Manage and modify existing rules.
- Module 4: Manage security incidents in Microsoft Sentinel.
  - Understand Microsoft Sentinel incident management.
  - Explore Microsoft Sentinel evidence and entity management.
  - Investigate incidents and manage their resolution.
- Module 5: Hunt for threats with Microsoft Sentinel.
  - Use queries to hunt for threats.
  - Save key findings with bookmarks.
  - Observe threats over time with livestream.
- Module 6: Get an introduction to implementing threat response with Microsoft Sentinel playbooks.
  - Explain Microsoft Sentinel security orchestration, automation, and response (SOAR) capabilities.
  - Explore the Microsoft Sentinel Logic Apps connector.
  - Create a playbook to automate an incident response.
  - Run a playbook on demand in response to an incident.
- Module 7: Query, visualize, and monitor data in Microsoft Sentinel.
  - Visualize security data using Microsoft Sentinel workbooks.
  - Understand how queries work.
  - Explore workbook capabilities.
  - Create a Microsoft Sentinel workbook.
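As an added illustration of what Modules 3 and 5 work with (this is an example written for this page, not a query from the Microsoft Learn modules), the Kusto Query Language (KQL) query below is the kind of logic a scheduled analytics rule runs on a timer and a hunter runs interactively from the Hunting blade. It assumes the Microsoft Entra ID data connector is populating the `SigninLogs` table; the one-hour window and the threshold of 20 targeted accounts are assumptions to tune for your tenant.

```kql
// Added example: flag a single source IP that attempts sign-ins against many
// distinct accounts in a short window (password-spray pattern).
// Assumption: SigninLogs is populated by the Microsoft Entra ID connector.
// Assumption: lookback and minAccounts are starting values, not tested thresholds.
let lookback = 1h;
let minAccounts = 20;
SigninLogs
| where TimeGenerated > ago(lookback)
| summarize
    Attempts            = count(),
    Failures            = countif(ResultType != "0"),          // "0" is a successful sign-in
    TargetedAccounts    = dcount(UserPrincipalName),
    CompromisedAccounts = make_set_if(UserPrincipalName, ResultType == "0", 10),
    FirstSeen           = min(TimeGenerated),
    LastSeen            = max(TimeGenerated)
    by IPAddress
| where TargetedAccounts >= minAccounts and Failures >= minAccounts
| extend AnySuccess = array_length(CompromisedAccounts) > 0   // spray that landed a hit
| order by AnySuccess desc, TargetedAccounts desc
```

In the analytics rule wizard this query would be scheduled to run every hour over a one-hour lookback (matching `lookback`), with `IPAddress` mapped to the IP entity and `CompromisedAccounts` surfaced in the alert details so the resulting incident carries the entities Module 4 investigates. Run as a hunting query, rows with `AnySuccess == true` are the ones worth saving as bookmarks.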