SC-200: Connect logs to Microsoft Sentinel

Upon completion of this module, the learner will be able to:

• Explain the use of data connectors in Microsoft Sentinel
• Describe the Microsoft Sentinel data connector providers
• Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel

Upon completion of this module, the learner will be able to:

• Connect Microsoft service connectors
• Explain how connectors auto-create incidents in Microsoft Sentinel

Upon completion of this module, the learner will be able to:

• Activate the Microsoft 365 Defender connector in Microsoft Sentinel
• Activate the Microsoft Defender for Endpoint connector in Microsoft Sentinel
• Activate the Microsoft Defender for Office 365 connector in Microsoft Sentinel

Upon completion of this module, the learner will be able to:

• Connect Azure Windows Virtual Machines to Microsoft Sentinel
• Connect non-Azure Windows hosts to Microsoft Sentinel
• Configure Log Analytics agent to collect Sysmon events

Upon completion of this module, the learner will be able to:

• Explain the Common Event Format connector deployment options in Microsoft Sentinel
• Run the deployment script for the Common Event Format connector

Upon completion of this module, the learner will be able to:

• Describe the Syslog connector deployment options in Microsoft Sentinel
• Run the connector deployment script to send data to Microsoft Sentinel
• Configure the Log Analytics agent integration for Microsoft Sentinel
• Create a parse using KQL in Microsoft Sentinel

Upon completion of this module, the learner will be able to:

• Configure the TAXII connector in Microsoft Sentinel
• Configure the Threat Intelligence Platform connector in Microsoft Sentinel
• View threat indicators in Microsoft Sentinel