Overview

In this online training course, students gain the knowledge and skills to mitigate cyberthreats using Microsoft 365 Defender, Microsoft Defender for Cloud, and Microsoft Sentinel. Specifically, you will configure and use Microsoft Sentinel and write Kusto Query Language (KQL) queries for detection, analysis, and reporting. The course is designed for people in a Security Operations job role and helps learners prepare for exam SC-200: Microsoft Security Operations Analyst.

Exam SC-200: Microsoft Security Operations Analyst

COURSE INSTRUCTOR: Charles Zacharias, Microsoft, Cybersecurity, F5
COURSE DIFFICULTY: Intermediate
COURSE DURATION: 14h

After completing this online training course, students will be able to:

  • Mitigate threats using Microsoft 365 Defender

  • Mitigate threats using Microsoft Defender for Cloud

  • Mitigate threats using Microsoft Sentinel

This course is for Microsoft security professionals and those wanting to earn the Microsoft Certified: Security Operations Analyst Associate certification.

Prerequisites: none, but we recommend:

  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Basic understanding of Microsoft 365

01. Defender for Endpoint
  • Overview
  • Exploring the Dashboard
  • Defender for Endpoint Security
  • Defender for Endpoint Monitoring
02. M365 Defender
  • Overview
  • Incidents and Alerts, Hunting, Vulnerability Management
  • Email and Collaboration, Cloud Apps
03. Working with Defender for Cloud
  • Working with Defender for Cloud
04. Connecting and Onboarding Assets
  • Enable Auto Provisioning
  • Adding a Non-Azure Server
  • Adding Linux Machines
  • Viewing Security Recommendations
  • GCP, Alerts
05. Alerts and Responses
  • Creating Logic Apps
  • Adding a Workflow
  • Creating a Suppression Rule
  • Exploring Suppression Rules
06. Creating Queries Using Kusto Query Language
  • Overview
  • Examples
07. Basic Configuration
  • Sentinel Overview and Initial Setup  
  • Permissions, Roles and Log Analytics
  • Data Connectors, Watchlists and Threat Intelligence
08. Logging and Importing
  • Logging and Importing Overview and Example
09. Alerts and Investigation
  • Alerts and Investigation Overview  
  • Exploring Alerts and Investigation 
  • Alerts and Investigation Syslog
10. Sentinel Analytics
  • Sentinel Analytics Overview  
  • Sentinel Analytics Rule Examples
11. Working with Microsoft Sentinel
  • Threat Response 
  • Threat Response Setup 
  • Security Incident Management
12. Anomaly Detection and Hunting
  • Anomaly Rules  
  • Threat Hunting Rules
  • Hunting Queries
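The outline above lists KQL queries (section 06), Sentinel analytics rule examples (section 10) and hunting queries (section 12) without showing what one looks like. The query below is an added example, not course material or Microsoft's own rule content. It assumes the Microsoft Entra ID data connector is enabled so the SigninLogs table is populated, and that ResultType "0" marks a successful sign-in (any other code is a failure). The thresholds (minFailures, minAccounts) are illustrative and must be tuned per tenant.

```kql
// Added example (not from the course): a burst of failed sign-ins from one source IP
// spread across many distinct accounts, the shape of a password-spray detection.
// Assumes the Microsoft Entra ID connector feeds SigninLogs; ResultType "0" is success.
let lookback = 1h;        // how far back the rule looks each run
let window = 10m;         // bucket size for counting failures per source IP
let minFailures = 25;     // illustrative threshold, tune per tenant
let minAccounts = 10;     // spray signature: many targets, not one account
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"                       // keep only failed sign-ins
| summarize
    FailedSignins   = count(),
    DistinctAccounts = dcount(UserPrincipalName),
    Accounts        = make_set(UserPrincipalName, 50),  // cap the set for readability
    FirstSeen       = min(TimeGenerated),
    LastSeen        = max(TimeGenerated)
  by IPAddress, bin(TimeGenerated, window)
| where FailedSignins >= minFailures and DistinctAccounts >= minAccounts
| project TimeGenerated, IPAddress, FailedSignins, DistinctAccounts, Accounts, FirstSeen, LastSeen
| order by FailedSignins desc
```

Run it first in Logs to check the hit rate, then save it as a scheduled analytics rule with the rule's query period set to the same lookback and IPAddress mapped to the IP entity so incidents carry the source address. Hunting with the same query after a confirmed spray usually means relaxing the thresholds and joining back to SigninLogs for any ResultType "0" row from the same IPAddress, since a success after a run of failures is the case that matters.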