Objectives of the training
This training equips participants with the necessary skills and knowledge to mitigate cyber threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender.
Targeted audience
This course is aimed at people working in security operations, and in particular Microsoft Security Operations Analysts. The Microsoft Security Operations Analyst works with organizational stakeholders to secure the organization's IT systems. Their goal is to reduce organizational risk by quickly correcting active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to the appropriate stakeholders. Responsibilities include managing, monitoring and responding to threats using a variety of security solutions in their environment.
Prerequisite
To attend this training, it is recommended that candidates have:
• A basic understanding of Microsoft 365
• A fundamental understanding of Microsoft security, compliance, and identity products
• An intermediate understanding of Windows 10
• Knowledge of Azure services, particularly Azure SQL Database and Azure Storage
• Knowledge of Azure virtual machines and virtual networks
• A basic understanding of scripting concepts
Trainers
Benefits for Participants
By the end of the training, participants will be able to:
• Create a Microsoft Defender for Endpoint environment
• Examine domains, IP addresses, and user accounts in Microsoft Defender for Endpoint
• Describe the configuration of alert settings in Microsoft Defender for Endpoint
• Examine DLP alerts in Microsoft Cloud App Security
• Describe the configuration of auto-provisioning in Azure Defender
• Remediate alerts in Azure Defender
• Filter searches based on event time, severity, domain, and other relevant data using KQL
• Describe workspace management and explain threat indicators in Azure Sentinel
• Configure the Log Analytics agent to collect Sysmon events
• Create a playbook to automate an incident response
Course architecture
Mitigating Threats Using Microsoft Defender for Endpoint
Protect against threats with Microsoft Defender for Endpoint
Deploy the Microsoft Defender for Endpoint environment
Implement Windows 10 security improvements
Manage alerts and incidents
Conduct device investigations
Perform actions on a device
Investigate evidence and entities
Configure and manage automation
Configure alerts and detections
Use threat and vulnerability management
Mitigating Threats Using Microsoft 365 Defender
Introduction to threat protection with Microsoft 365
Mitigate incidents using Microsoft 365 Defender
Protect identities with Azure AD Identity Protection
Remediate risks with Microsoft Defender for Office 365
Secure your environment with Microsoft Defender for Identity
Protect cloud apps and services with Microsoft Cloud App Security
Respond to data loss prevention alerts using Microsoft 365
Manage insider risks in Microsoft 365
Mitigating Threats Using Azure Defender
Plan cloud workload protections
Explain cloud workload protections
Connect Azure assets
Connect non-Azure resources
Remediate security alerts
Creating Queries for Azure Sentinel Using Kusto Query Language (KQL)
Build KQL statements for Azure Sentinel
Analyze query results using KQL
Create multi-table statements using KQL
Work with data in Azure Sentinel using Kusto Query Language
Configuring Your Azure Sentinel Environment
Introduction to Azure Sentinel
Create and manage Azure Sentinel workspaces
Query logs in Azure Sentinel
Use watchlists in Azure Sentinel
Use threat intelligence in Azure Sentinel
Connecting Logs to Azure Sentinel
Connect data to Azure Sentinel using data connectors
Connect Microsoft services to Azure Sentinel
Connect Microsoft 365 Defender to Azure Sentinel
Connect Windows hosts to Azure Sentinel
Connect Common Event Format logs to Azure Sentinel
Connect Syslog data sources to Azure Sentinel
Connect threat indicators to Azure Sentinel
Creating Detections and Performing Investigations Using Azure Sentinel
Detect threats with Azure Sentinel analytics
Respond to threats with Azure Sentinel playbooks
Manage security incidents in Azure Sentinel
Use entity behavior analytics in Azure Sentinel
Query, visualize, and monitor data in Azure Sentinel
Performing Threat Hunting in Azure Sentinel
Hunt for threats with Azure Sentinel
Track threats using notebooks in Azure Sentinel.
Pedagogical details
Type of training
Private or personalized training
If you have more than 8 people to sign up for a particular course, it can be delivered as a private session right at your offices. Contact us for more details.