Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
SC-200
Microsoft Security Operations Analyst
Description
Microsoft Security Operations Analyst (SC-200) Course Objectives
- Master Microsoft Security Tools: Learn to utilize Azure Sentinel, Azure Defender, and Microsoft 365 Defender to their fullest potential.
- Enhance Threat Detection Skills: Develop the ability to identify and mitigate emerging cyber threats quickly and efficiently.
- Practical Deployment: Gain hands-on experience in setting up, configuring, and managing Microsoft’s security solutions in a live environment.
- Advanced Threat Response: Acquire skills to analyze and respond to security incidents using Microsoft technologies.
- Skill Development for Security Roles: Prepare for key security operations roles with advanced training in threat management, incident response, and security analytics.
Prerequisites
- This course is tailored for aspiring Microsoft Security Operations Analysts.
- It requires a foundational understanding of Microsoft 365; Microsoft security, compliance, and identity products; Windows 10; Azure services; and basic scripting concepts.
Audience
- Security Operations Analysts play a critical role in maintaining the integrity of IT systems. The course is ideal for those involved in threat management, security monitoring, and response, primarily using tools such as Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender.
Microsoft Security Operations Analyst (SC-200) Outline
Microsoft 365 Defender Threat Mitigation
- Analyze and remediate threats with Microsoft 365 Defender.
- Labs:
- Deploy Microsoft Defender for Endpoint.
- Mitigate Attacks using Defender for Endpoint.
- Describe Threat and Vulnerability Management in Microsoft Defender for Endpoint.
Mitigate threats using Microsoft Purview
- Focus on risk and compliance solutions in Microsoft Purview.
- Labs: None.
Threat Mitigation using Microsoft Defender for Endpoint
- Learn about cybersecurity threats and Microsoft’s threat protection tools.
- Lab:
- Mitigate threats using Microsoft Defender for Endpoint.
Mitigate threats using Microsoft Defender for Cloud
- Learn about Azure Defender and Azure Security Center (since consolidated as Microsoft Defender for Cloud) for workload protection.
- Labs:
- Deploy Azure Defender.
- Mitigate Attacks with Azure Defender.
Query Creation for Azure Sentinel using Kusto Query Language (KQL)
- Write KQL statements for Azure Sentinel.
- Labs:
- Construct Basic KQL Statements.
- Analyze query results using KQL.
- Build multi-table statements using KQL.
- Work with string data using KQL statements.
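The multi-table and string-handling labs above are easier to picture with a concrete query. The following is an added illustration, not course material from the page or from Microsoft: it assumes Windows hosts are already connected to the workspace so that the standard SecurityEvent table is populated, and the threshold of 10 failures in one hour is an arbitrary example value. It builds a single-table summary (failed logons per account and host), joins it to a second query over the same table (subsequent successful network or RDP logons), and then splits the DOMAIN\user string into its parts.

```kusto
// Added example: flag accounts that logged on successfully after a burst of failed logons.
// Assumes the SecurityEvent table (Windows Security Events connector); threshold is illustrative.
let lookback = 1h;
let failed_threshold = 10;
// First table: accounts with many failed logons (EventID 4625) per host
let failed =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625
    | summarize FailedCount = count(),
                FirstFail = min(TimeGenerated),
                LastFail = max(TimeGenerated)
              by Account, Computer
    | where FailedCount >= failed_threshold;
// Second table: successful logons (EventID 4624) over the network (3) or RDP (10)
SecurityEvent
| where TimeGenerated > ago(lookback)
| where EventID == 4624
| where LogonType in (3, 10)
// Multi-table statement: join on both Account and Computer
| join kind=inner failed on Account, Computer
// Keep only successes that came after the last failure
| where TimeGenerated > LastFail
// String handling: split "DOMAIN\user" into its components
| extend Domain = tostring(split(Account, "\\")[0]),
         User   = tostring(split(Account, "\\")[1])
| project TimeGenerated, Domain, User, Computer, IpAddress,
          FailedCount, FirstFail, LastFail
| order by TimeGenerated desc
```

Run as written in the Logs blade of a Sentinel workspace, the query returns one row per successful logon that followed a failure burst; the same logic, with the lookback removed, is the shape of an analytics rule in the detections module later in the outline.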
Configure your Azure Sentinel environment
- Configure Azure Sentinel workspace and understand its components.
- Labs:
- Create an Azure Sentinel Workspace.
- Create a Watchlist.
- Create a Threat Indicator.
Connect logs to Azure Sentinel
- Connect data to Azure Sentinel using data connectors.
- Labs:
- Connect Microsoft services to Azure Sentinel.
- Connect Windows hosts to Azure Sentinel.
- Connect Linux hosts to Azure Sentinel.
- Connect Threat intelligence to Azure Sentinel.
Create detections and perform investigations using Azure Sentinel
- Learn to create analytics rules, investigate and manage incidents, and automate response with playbooks in Azure Sentinel.
- Labs:
- Create Analytical Rules.
- Model Attacks to Define Rule Logic.
- Mitigate Attacks using Azure Sentinel.
- Create Workbooks in Azure Sentinel.
Perform threat hunting in Azure Sentinel
- Proactively identify threats in Azure Sentinel.
- Labs:
- Threat Hunting in Azure Sentinel.
- Threat Hunting using Notebooks.
Price: $2395.00
Duration: 4 Days Course