Microsoft Security Operations Analyst

Introduction

Learn how to investigate, respond to, and hunt for threats with Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this course, you will learn how to mitigate cyber threats using these technologies. Specifically, you will configure and use Azure Sentinel and Kusto Query Language (KQL) for detection, analysis, and report generation. The course is designed for individuals working in a security operations role and it helps participants prepare for the SC-200 exam: Microsoft Security Operations Analyst.


Objectives

Upon completion of this course, participants will be able to:

  • Explain how Microsoft Defender for Endpoint can remediate risks in their environment.
  • Create a Microsoft Defender for Endpoint environment.
  • Configure Attack Surface Reduction rules on Windows 10 devices.


Participant Profile

A Security Operations Analyst collaborates with the organization’s stakeholders to protect the information technology systems. Their objective is to reduce organizational risk by swiftly responding to active attacks in the environment, advising on improvements to threat protection practices, and reporting organizational policy violations to the appropriate stakeholders. Responsibilities include managing, monitoring, and responding to threats using a variety of security solutions within the environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. As the security operations analyst relies on the operational output of these tools, they also play a key role in the configuration and deployment of said technologies.


Prerequisites

To successfully complete this course, it is recommended that participants have:

  • Basic understanding of Microsoft 365.
  • Fundamental understanding of Microsoft identity, compliance, and security products.
  • Intermediate understanding of Windows 10.
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage.
  • Familiarity with Azure virtual machines and virtual networks.
  • Basic understanding of scripting concepts.


Course Materials

Participants will receive a digital copy of the courseware for this exam.


Certifications and Evaluation

This course is certified by Microsoft®.

The terms of additional certification services are subject to those established by the license owner or the authorized certification body.


Accreditation

A Certificate of Attendance for the SC-200 course will only be issued to participants with an attendance above 75%.


Contents

Module 1: Mitigate threats with Microsoft Defender for Endpoint

Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats. Discover how Microsoft Defender for Endpoint can help your organization stay secure. Learn how to implement the Microsoft Defender for Endpoint environment, including device onboarding and security configuration. Learn how to investigate incidents and alerts with Microsoft Defender for Endpoint. Perform advanced hunts and consult with threat experts. You will also learn how to configure automation in Microsoft Defender for Endpoint by managing the environment configuration. Finally, you will learn to identify the weaknesses in your environment using Threat and Vulnerability Management in Microsoft Defender for Endpoint.

Lessons

  • Protect yourself against threats with Microsoft Defender for Endpoint.
  • Implement the Microsoft Defender for Endpoint environment.
  • Implement Windows 10 security enhancements with Microsoft Defender for Endpoint.
  • Manage alerts and incidents in Microsoft Defender for Endpoint.
  • Conduct device investigations in Microsoft Defender for Endpoint.
  • Perform actions on a device with Microsoft Defender for Endpoint.
  • Conduct evidence and entity investigations with Microsoft Defender for Endpoint.
  • Configure and manage automation with Microsoft Defender for Endpoint.
  • Configure alerts and detections in Microsoft Defender for Endpoint.
  • Use threat and vulnerability management in Microsoft Defender for Endpoint.
  • Lab:
    • Mitigate threats with Microsoft Defender for Endpoint.
    • Implement Microsoft Defender for Endpoint.
    • Mitigate attacks with Defender for Endpoint.

Module 2: Mitigate threats with Microsoft 365 Defender

Analyze threat data across domains and quickly remediate threats using the orchestration and automation built into Microsoft 365 Defender. Learn about cybersecurity threats and how Microsoft’s new threat protection tools safeguard your organization’s users, devices, and data. Use advanced detection and remediation for identity-based threats to protect your Azure Active Directory identities and applications from risk.

Lessons

  • Introduction to threat protection with Microsoft 365.
  • Mitigate incidents with Microsoft 365 Defender.
  • Protect your identities with Azure AD Identity Protection.
  • Remediate risks with Microsoft Defender for Office 365.
  • Protect your environment with Microsoft Defender for Identity.
  • Protect your cloud applications and services with Microsoft Cloud App Security.
  • Respond to data loss prevention alerts with Microsoft 365.
  • Manage insider risk in Microsoft 365.
  • Lab:
    • Mitigate threats with Microsoft 365 Defender.
    • Mitigate attacks with Microsoft 365 Defender.

Module 3: Mitigate threats with Azure Defender

Use Azure Defender, integrated with Azure Security Center, to protect Azure, hybrid cloud, and on-premises workloads. Learn the purpose of Azure Defender, its relationship with Azure Security Center, and how to enable it. You will also learn about the protections and detections Azure Defender provides for each cloud workload. Discover how to add Azure Defender capabilities to your hybrid environment.

Lessons

  • Plan cloud workload protections with Azure Defender.
  • Explain cloud workload protections in Azure Defender.
  • Connect Azure assets to Azure Defender.
  • Connect non-Azure resources to Azure Defender.
  • Remediate security alerts with Azure Defender.
  • Lab:
    • Mitigate threats with Azure Defender.
    • Implement Azure Defender.
    • Mitigate attacks with Azure Defender.


Module 4: Create queries for Azure Sentinel with Kusto Query Language (KQL)

Write Kusto Query Language (KQL) statements to query log data for detection, analysis, and reporting in Azure Sentinel. This module focuses on the most commonly used operators. The example KQL statements query security-related tables. KQL is the query language used to analyze data, create analytics rules and workbooks, and run hunting searches in Azure Sentinel. Discover how the basic structure of KQL statements provides the foundation for more complex statements. Learn how to summarize and visualize data with KQL statements, which is the basis for creating detections in Azure Sentinel. Learn how to use KQL to manipulate string data ingested from log sources.

Lessons

  • Build KQL statements for Azure Sentinel.
  • Analyze query results with KQL.
  • Build multi-table statements using KQL.
  • Work with data in Azure Sentinel with Kusto Query Language.
  • Lab:
    • Create queries for Azure Sentinel with Kusto Query Language (KQL).
    • Build basic KQL statements.
    • Analyze query results with KQL.
    • Build multi-table statements using KQL.
    • Work with string data using KQL statements.
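The query below is an added example, not part of the course page or of Microsoft's courseware, that puts the Module 4 building blocks together in one statement: filter and summarize on a single table, manipulate string data, and join across two tables. It assumes the standard SecurityEvent (Windows Security log from onboarded hosts) and SigninLogs (Azure AD sign-ins) tables exist in the workspace; the 10-failure threshold and the one-hour lookback are illustrative values chosen for the example, not figures from the course.

```kql
// Added example (not from the course page): detect accounts that fail many
// on-premises Windows logons and then sign in successfully to Azure AD.
// Assumes the SecurityEvent and SigninLogs tables; the threshold and window
// are illustrative, not course-supplied values.
let lookback = 1h;      // assumed window
let threshold = 10;     // assumed failure count
// 1. Single-table statement: filter failed logons (Event ID 4625) and summarize per user.
let failedLogons =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625
    // 2. String manipulation: Account arrives as DOMAIN\user; keep the user part, lower-cased.
    | extend User = tolower(iff(Account contains "\\",
                                tostring(split(Account, "\\")[1]),
                                Account))
    | summarize Failures  = count(),
                Sources   = make_set(IpAddress, 20),
                FirstSeen = min(TimeGenerated),
                LastSeen  = max(TimeGenerated)
        by User
    | where Failures >= threshold;
// 3. Multi-table statement: correlate with a successful cloud sign-in for the same user.
failedLogons
| join kind=inner (
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"          // "0" is a successful sign-in in SigninLogs
    // UPN is user@domain; keep the user part so it matches the Windows account name.
    | extend User = tolower(tostring(split(UserPrincipalName, "@")[0]))
    | project User, CloudSuccessAt = TimeGenerated, CloudIP = IPAddress
  ) on User
| where CloudSuccessAt > LastSeen      // success must follow the failure burst
| project User, Failures, Sources, FirstSeen, LastSeen, CloudSuccessAt, CloudIP
| order by Failures desc
```

Run it in the Azure Sentinel Logs blade to check the result shape first; the same query, with the `let` values tuned to the environment, is what a scheduled analytics rule (Module 7) would execute on its interval to raise an incident.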


Module 5: Configure your Azure Sentinel environment

Start using Azure Sentinel by configuring your Azure Sentinel workspace correctly. Traditional Security Information and Event Management (SIEM) systems often take a long time to install and configure, and they are not necessarily designed with cloud workloads in mind. Azure Sentinel enables you to quickly gain valuable insights into the security of both your cloud and on-premises data. This module helps you get started. Learn about the architecture of Azure Sentinel workspaces to ensure your system is configured to meet your organization’s security operations requirements. As a security operations analyst, you must understand the tables, fields, and data ingested into your workspace. Learn how to query the most commonly used data tables in Azure Sentinel.

Lessons

  • Introduction to Azure Sentinel.
  • Create and manage Azure Sentinel workspaces.
  • Query logs in Azure Sentinel.
  • Use watchlists in Azure Sentinel.
  • Use threat intelligence in Azure Sentinel.
  • Lab:
    • Configure your Azure Sentinel environment.
    • Create an Azure Sentinel workspace.
    • Create a watchlist.
    • Create a threat indicator.

Module 6: Connect logs to Azure Sentinel

Connect cloud-scale data across users, devices, applications, and infrastructure to Azure Sentinel, both on-premises and across multiple clouds. The primary approach for connecting log data is through the data connectors provided by Azure Sentinel. This module provides an overview of the available data connectors. You will learn about configuration options and data provided by Azure Sentinel connectors for Microsoft 365 Defender.

Lessons

  • Connect data to Azure Sentinel using data connectors.
  • Connect Microsoft services to Azure Sentinel.
  • Connect Microsoft 365 Defender to Azure Sentinel.
  • Connect Windows hosts to Azure Sentinel.
  • Connect Common Event Format logs to Azure Sentinel.
  • Connect Syslog data sources to Azure Sentinel.
  • Connect threat indicators to Azure Sentinel.
  • Lab:
    • Connect logs to Azure Sentinel.
    • Connect Microsoft services to Azure Sentinel.
    • Connect Windows hosts to Azure Sentinel.
    • Connect Linux hosts to Azure Sentinel.
    • Connect threat intelligence to Azure Sentinel.

Module 7: Create detections and conduct investigations with Azure Sentinel

Detect previously identified threats and quickly remediate them using the orchestration and automation built into Azure Sentinel. You will learn how to create Azure Sentinel playbooks to respond to security threats. You will explore incident management in Azure Sentinel, learn about Azure Sentinel events and entities, and discover ways to resolve incidents. You will also learn how to query, view, and monitor data in Azure Sentinel.

Lessons

  • Threat detection with Azure Sentinel analytics.
  • Respond to threats with Azure Sentinel playbooks.
  • Manage security incidents in Azure Sentinel.
  • Use entity behavior analytics in Azure Sentinel.
  • Query, visualize, and monitor data in Azure Sentinel.
  • Lab:
    • Create detections and conduct investigations with Azure Sentinel.
    • Create analytics rules.
    • Use attack models to define rule logic.
    • Mitigate attacks with Azure Sentinel.
    • Create workbooks in Azure Sentinel.

Module 8: Perform threat hunting in Azure Sentinel

In this module, you will learn how to proactively identify threat behaviors using Azure Sentinel queries. You will also learn how to use bookmarks and livestreams to find threats, as well as how to use notebooks in Azure Sentinel for advanced search.

Lessons

  • Hunt for threats using Notebooks in Azure Sentinel.
  • Lab:
    • Threat hunting in Azure Sentinel.
    • Threat hunting in Notebooks.

Reference: SC 200 / SC200

Price: $995.00

Duration: schedule not available

Delivery mode: on request

Certification: