Planning and implementing Microsoft Sentinel (SIEM & SOAR)

Planning and implementing Microsoft Sentinel (SIEM & SOAR)M55610AOTOtherOT-M55610A1.0This course is aimed at IT professionals and Azure administrators that have some experience administering and configuring Azure, but want to gain an insight into implementing Microsoft’s SIEM/SOAR solution, Microsoft Sentinel.Module 1: Overview of Microsoft Sentinel Lessons: <ul> <li>Overview of Microsoft Sentinel</li><li>Data ingestion methods</li><li>Microsoft Sentinel for MSSPs</li><li>User and Entity Behaviour Analytics</li><li>Fusion</li><li>Notebooks</li><li>Management & Automation Tools</li><li>Logs & Costs</li></ul>Module 2: KQL Lessons: <ul> <li>Importance of KQL across Azure</li><li>The User Interface (demo)</li><li>The standard KQL Structure</li><li>Common KQL Commands</li></ul>Module 3: Data Connectors Lessons: <ul> <li>Manage content in Microsoft Sentinel</li><li>Connect data to Microsoft Sentinel using data connectors</li><li>Connect Microsoft services to Microsoft Sentinel</li><li>Connect Microsoft 365 Defender to Microsoft Sentinel</li><li>Connect Windows hosts to Microsoft Sentinel</li><li>Connect Common Event Format logs to Microsoft Sentinel</li><li>Connect syslog data sources to Microsoft Sentinel</li><li>Connect threat indicators to Microsoft Sentinel</li></ul>Module 4 – Analytics Rules Lessons: <ul> <li>Threat detection with Microsoft Sentinel analytics</li><li>Automation in Microsoft Sentinel</li><li>Threat response with Microsoft Sentinel playbooks</li></ul>Module 5 – Incident Management Lessons: <ul> <li>Incident management Overview</li><li>User and Entity Behaviour Analytics</li><li>Data normalization in Microsoft Sentinel</li><li>Query, visualize, and monitor data</li></ul>Module 6 – Hunting Lessons: <ul> <li>Threat hunting concepts</li><li>Threat hunting with Microsoft Sentinel</li><li>Use Search jobs in Microsoft Sentinel</li><li>Hunt for threats using notebooks</li></ul>Module 7 – Watchlists Lessons: <ul> <li>Prioritize incidents</li><li>Import business data</li><li>Reduce Alert Fatigue</li><li>Enrich Event Data</li></ul>Module 8 – Threat Intelligence Lessons: <ul> <li>Threat Intelligence Overview</li><li>Threat Intelligence in Microsoft Sentinel</li></ul>This course is aimed at IT professionals and Azure administrators that have some experience administering and configuring Azure, but want to gain an insight into implementing Microsoft’s SIEM/SOAR solution, Microsoft Sentinel.Module 1: Overview of Microsoft Sentinel Lessons: - Overview of Microsoft Sentinel - Data ingestion methods - Microsoft Sentinel for MSSPs - User and Entity Behaviour Analytics - Fusion - Notebooks - Management & Automation Tools - Logs & Costs Module 2: KQL Lessons: - Importance of KQL across Azure - The User Interface (demo) - The standard KQL Structure - Common KQL Commands Module 3: Data Connectors Lessons: - Manage content in Microsoft Sentinel - Connect data to Microsoft Sentinel using data connectors - Connect Microsoft services to Microsoft Sentinel - Connect Microsoft 365 Defender to Microsoft Sentinel - Connect Windows hosts to Microsoft Sentinel - Connect Common Event Format logs to Microsoft Sentinel - Connect syslog data sources to Microsoft Sentinel - Connect threat indicators to Microsoft Sentinel Module 4 – Analytics Rules Lessons: - Threat detection with Microsoft Sentinel analytics - Automation in Microsoft Sentinel - Threat response with Microsoft Sentinel playbooks Module 5 – Incident Management Lessons: - Incident management Overview - User and Entity Behaviour Analytics - Data normalization in Microsoft Sentinel - Query, visualize, and monitor data Module 6 – Hunting Lessons: - Threat hunting concepts - Threat hunting with Microsoft Sentinel - Use Search jobs in Microsoft Sentinel - Hunt for threats using notebooks Module 7 – Watchlists Lessons: - Prioritize incidents - Import business data - Reduce Alert Fatigue - Enrich Event Data Module 8 – Threat Intelligence Lessons: - Threat Intelligence Overview - Threat Intelligence in Microsoft Sentinel3 days