Maxtrain.com - info@maxtrain.com - 513-322-8888 - 866-595-6863
SC-200
Microsoft Security Operations Analyst
Description
Course Objectives
- Master Microsoft Defender for Endpoint to mitigate risks and manage the environment.
- Utilize Microsoft 365 Defender and Azure Defender to protect identities, applications, data, and Azure workloads.
- Develop proficiency in Kusto Query Language (KQL) for effective threat detection and response in Azure Sentinel.
- Configure Azure Sentinel for optimal threat detection and connect various data sources.
- Engage in threat hunting with Azure Sentinel to proactively identify threats.
Prerequisites
- This course is tailored for aspiring Microsoft Security Operations Analysts.
- It requires a foundational understanding of Microsoft 365; Microsoft security, compliance, and identity products; Windows 10; Azure services; and basic scripting concepts.
Audience
- Security Operations Analysts play a critical role in maintaining IT systems’ integrity. Ideal for those involved in managing threats, security monitoring, and response, primarily using tools like Microsoft Sentinel, Defender for Cloud, and Microsoft 365 Defender.
Microsoft Security Operations Analyst (SC-200) Outline
Mitigate threats using Microsoft 365 Defender
- Analyze and remediate threats with Microsoft 365 Defender.
- Labs:
- Deploy Microsoft Defender for Endpoint.
- Mitigate Attacks using Defender for Endpoint.
- Describe Threat and Vulnerability Management in Microsoft Defender for Endpoint.
Mitigate threats using Microsoft Purview
- Focus on risk and compliance solutions in Microsoft Purview.
- Labs: None.
Mitigate threats using Microsoft 365 Defender for Endpoint
- Learn about cybersecurity threats and Microsoft’s threat protection tools.
- Lab:
- Mitigate threats using Microsoft Defender for Endpoint.
Mitigate threats using Azure Defender for Cloud
- Learn about Azure Defender and Azure Security Center for workload protection.
- Labs:
- Deploy Azure Defender.
- Mitigate Attacks with Azure Defender.
Create queries for Azure Sentinel using Kusto Query Language (KQL)
- Write KQL statements for Azure Sentinel.
- Labs:
- Construct Basic KQL Statements.
- Analyze query results using KQL.
- Build multi-table statements using KQL.
- Work with string data using KQL statements.
Configure your Azure Sentinel environment
- Configure Azure Sentinel workspace and understand its components.
- Labs:
- Create an Azure Sentinel Workspace.
- Create a Watchlist.
- Create a Threat Indicator.
Connect logs to Azure Sentinel
- Connect data to Azure Sentinel using data connectors.
- Labs:
- Connect Microsoft services to Azure Sentinel.
- Connect Windows hosts to Azure Sentinel.
- Connect Linux hosts to Azure Sentinel.
- Connect Threat intelligence to Azure Sentinel.
Create detections and perform investigations using Azure Sentinel
- Learn to create playbooks and manage incidents in Azure Sentinel.
- Labs:
- Create Analytical Rules.
- Model Attacks to Define Rule Logic.
- Mitigate Attacks using Azure Sentinel.
- Create Workbooks in Azure Sentinel.
Perform threat hunting in Azure Sentinel
- Proactively identify threats in Azure Sentinel.
- Labs:
- Threat Hunting in Azure Sentinel.
- Threat Hunting using Notebooks.
$2395.00 | 4-Day Course