Training: Microsoft Security Operations Analyst

Ref. SC-200T00

Download PDF

Duration:

4

days

Exam:

Optional

Level:

Intermediate

Funding:

Temptraining

ITTA | Trainings | IT Pro | Microsoft Security Operations Analyst

Description

In this official Microsoft 4-day course you will learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting.

Participant profiles

Security Analysts
Security engineers

Objectives

Explain how Microsoft Defender for Endpoint can remediate risks in your environment
Create a Microsoft Defender for Endpoint environment
Configure Attack Surface Reduction rules on Windows 10 devices
Perform actions on a device using Microsoft Defender for Endpoint
Investigate domains and IP addresses in Microsoft Defender for Endpoint
Investigate user accounts in Microsoft Defender for Endpoint
Configure alert settings in Microsoft Defender for Endpoint
Explain how the threat landscape is evolving
Conduct advanced hunting in Microsoft 365 Defender
Manage incidents in Microsoft 365 Defender
Explain how Microsoft Defender for Identity can remediate risks in your environment.
Investigate DLP alerts in Microsoft Cloud App Security
Explain the types of actions you can take on an insider risk management case.
Configure auto-provisioning in Azure Defender
Remediate alerts in Azure Defender
Construct KQL statements
Filter searches based on event time, severity, domain, and other relevant data using KQL
Extract data from unstructured string fields using KQL
Manage an Azure Sentinel workspace
Use KQL to access the watchlist in Azure Sentinel
Manage threat indicators in Azure Sentinel
Explain the Common Event Format and Syslog connector differences in Azure Sentinel
Connect Azure Windows Virtual Machines to Azure Sentinel
Configure Log Analytics agent to collect Sysmon events
Create new analytics rules and queries using the analytics rule wizard
Create a playbook to automate an incident response
Use queries to hunt for threats
Observe threats over time with livestream

Prerequisites

Basic understanding of Microsoft 365
Fundamental understanding of Microsoft security, compliance, and identity products
Intermediate understanding of Windows 10
Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
Familiarity with Azure virtual machines and virtual networking
Basic understanding of scripting concepts

Course content

Module 1: Mitigate threats using Microsoft Defender for Endpoint

Lesson 1: Protect against threats with Microsoft Defender for Endpoint
Lesson 2: Deploy the Microsoft Defender for Endpoint environment
Lesson 3: Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
Lesson 4: Manage alerts and incidents in Microsoft Defender for Endpoint
Lesson 5: Perform device investigations in Microsoft Defender for Endpoint
Lesson 6: Perform actions on a device using Microsoft Defender for Endpoint
Lesson 7: Perform evidence and entities investigations using Microsoft Defender for Endpoint
Lesson 8: Configure and manage automation using Microsoft Defender for Endpoint
Lesson 9: Configure for alerts and detections in Microsoft Defender for Endpoint
Lesson 10: Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint

Module 2: Mitigate threats using Microsoft 365 Defender

Lesson 1: Introduction to threat protection with Microsoft 365
Lesson 2: Mitigate incidents using Microsoft 365 Defender
Lesson 3: Protect your identities with Azure AD Identity Protection
Lesson 4: Remediate risks with Microsoft Defender for Office 365
Lesson 5: Safeguard your environment with Microsoft Defender for Identity
Lesson 6: Secure your cloud apps and services with Microsoft Cloud App Security
Lesson 7: Respond to data loss prevention alerts using Microsoft 365
Lesson 8: Manage insider risk in Microsoft 365

Module 3: Mitigate threats using Azure Defender

Lesson 1: Plan for cloud workload protections using Azure Defender
Lesson 2: Explain cloud workload protections in Azure Defender
Lesson 3: Connect Azure assets to Azure Defender
Lesson 4: Connect non-Azure resources to Azure Defender
Lesson 5: Remediate security alerts using Azure Defender

Module 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)

Lesson 1: Construct KQL statements for Azure Sentinel
Lesson 2: Analyze query results using KQL
Lesson 3: Build multi-table statements using KQL
Lesson 4: Work with data in Azure Sentinel using Kusto Query Language

Module 5: Configure your Azure Sentinel environment

Lesson 1: Introduction to Azure Sentinel
Lesson 2: Create and manage Azure Sentinel workspaces
Lesson 3: Query logs in Azure Sentinel
Lesson 4: Use watchlists in Azure Sentinel
Lesson 5: Utilize threat intelligence in Azure Sentinel

Module 6: Connect logs to Azure Sentinel

Lesson 1: Connect data to Azure Sentinel using data connectors
Lesson 2: Connect Microsoft services to Azure Sentinel
Lesson 3: Connect Microsoft 365 Defender to Azure Sentinel
Lesson 4: Connect Windows hosts to Azure Sentinel
Lesson 5: Connect Common Event Format logs to Azure Sentinel
Lesson 6: Connect syslog data sources to Azure Sentinel
Lesson 7: Connect threat indicators to Azure Sentinel

Module 7: Create detections and perform investigations using Azure Sentinel

Lesson 1: Threat detection with Azure Sentinel analytics
Lesson 2: Threat response with Azure Sentinel playbooks
Lesson 3: Security incident management in Azure Sentinel
Lesson 4: Use entity behavior analytics in Azure Sentinel
Lesson 5: Query, visualize, and monitor data in Azure Sentinel

Module 8: Perform threat hunting in Azure Sentinel

Lesson 1: Threat hunting with Azure Sentinel
Lesson 2: Hunt for threats using notebooks in Azure Sentinel

Documentation

Digital courseware included

Lab / Exercises

Lab 1: Mitigate threats using Microsoft Defender for Endpoint

Deploy Microsoft Defender for Endpoint
Mitigate Attacks using Defender for Endpoint

Lab 2: Mitigate threats using Microsoft 365 Defender

Mitigate Attacks with Microsoft 365 Defender

Lab 3: Mitigate threats using Azure Defender

Deploy Azure Defender
Mitigate Attacks with Azure Defender

Lab 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)

Construct Basic KQL Statements
Analyze query results using KQL
Build multi-table statements using KQL
Work with string data using KQL statements

Lab 5: Configure your Azure Sentinel environment

Create an Azure Sentinel Workspace
Create a Watchlist
Create a Threat Indicator

Lab 6: Connect logs to Azure Sentinel

Connect Microsoft services to Azure Sentinel
Connect Windows hosts to Azure Sentinel
Connect Linux hosts to Azure Sentinel
Connect Threat intelligence to Azure Sentinel

Lab 7: Create detections and perform investigations using Azure Sentinel

Create Analytical Rules
Model Attacks to Define Rule Logic
Mitigate Attacks using Azure Sentinel
Create Workbooks in Azure Sentinel

Lab 8: Threat hunting in Azure Sentinel

Threat Hunting in Azure Sentinel
Threat Hunting using Notebooks

Exam

This course prepares you to the SC-200 : Microsoft Security Operations Analyst exam. If you wish to take this exam, please contact our secretariat who will let you know the cost of the exam and will take care of all the necessary administrative procedures for you

Complementary courses

Temptraining funding

ITTA is a partner of Temptraining, the continuing education fund for temporary workers. This training fund can subsidize continuing education for anyone who works for an employer subject to the Collective Work Agreement (CCT) Rental of services.