Microsoft Security Operations Analyst
Description
Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.
Intended audience
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
Topics
Module 1: Mitigate threats using Microsoft Defender
Introduction to threat protection with Microsoft 365
Mitigate incidents using Microsoft 365 Defender
Remediate risks with Microsoft Defender for Office 365
Microsoft Defender for Identity
Azure AD Identity Protection
Microsoft Cloud App Security
Respond to data loss prevention alerts
Manage insider risk in Microsoft 365
Module 2: Mitigate threats using Microsoft 365 Defender for Endpoint
Protect against threats with Microsoft Defender for Endpoint
Deploy the Microsoft Defender for Endpoint environment
Implement Windows 10 security enhancements
Perform device investigations
Perform actions on a device
Perform evidence and entities investigations
Configure for alerts and detections
Manage insider risk in Microsoft 365
Utilize Threat and Vulnerability Management
Module 3: Mitigate threats using Azure Defender
Plan for cloud workload protections using Azure Defender
Explain cloud workload protections in Azure Defender
Connect Azure assets to Azure Defender
Connect non-Azure resources to Azure Defender
Remediate security alerts using Azure Defender
Module 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
Construct KQL statements for Azure Sentinel
Analyze query results using KQL
Build multi-table statements using KQL
Work with data in Azure Sentinel using Kusto Query Language
Module 5: Configure your Azure Sentinel environment
Introduction to Azure Sentinel
Create and manage Azure Sentinel workspaces
Query logs in Azure Sentinel
Use watchlists in Azure Sentinel
Utilize threat intelligence in Azure Sentinel
Module 6: Connect logs to Azure Sentinel
Connect data to Azure Sentinel using data connectors
Connect Microsoft services to Azure Sentinel
Connect Microsoft 365 Defender to Azure Sentinel
Connect Windows hosts to Azure Sentinel
Connect Common Event Format logs to Azure Sentinel
Connect syslog data sources to Azure Sentinel
Connect threat indicators to Azure Sentinel
Module 7: Create detections and perform investigations using Azure Sentinel
Threat detection with Azure Sentinel analytics
Threat response with Azure Sentinel playbooks
Security incident management in Azure Sentinel
Use entity behavior analytics in Azure Sentinel
Query, visualize, and monitor data in Azure Sentinel
Module 8: Perform threat hunting in Azure Sentinel
Threat hunting with Azure Sentinel
Hunt for threats using notebooks in Azure Sentinel
האם אתה בטוח שאתה רוצה לסגור את הטופס ולאבד את כל השינויים?
