________________________________________________________________
Do you want to take this course remotely or in person?
Contact us by email: info@nanforiberica.com, phone: +34 91 031 66 78, WhatsApp: +34 685 60 05 91, or contact our offices.
________________________________________________________________
Course Description: Azure Sentinel. Monitoring and automation. The Azure Security Center
This course is taught online and consists of 8 units and practices. The course lasts 70 hours, distributed between content and collaboration tools. Upon completion, the student will receive an accrediting diploma.
Training is done through our Virtual Campus. With this modality, all the didactic content is on the course platform and is accessible from the start day of the course, 24 hours a day, every day of the week. The student will also have participation forums, as well as continuous tutoring.
The course is taught in teletraining modality (100% bonus option). In-person and remote training actions can also be carried out on demand.
Introduction
Azure Sentinel is an intelligent security service that provides an integrated solution for threat detection, analysis, and response across cloud and hybrid environments. With Azure Sentinel, you can collect, store, and analyze security data from multiple sources, apply artificial intelligence and machine learning to identify anomalies and threats, create alerts and incidents, investigate and respond to threats with visual and automated tools, and generate reports and custom panels.
In this course you will learn the basic concepts and features of Azure Sentinel, as well as best practices for its implementation and use.
With official Microsoft material. Approved laboratories and trainers certified by the manufacturer with 20 years of experience in security solutions.
Intended audience
The course is aimed at security professionals, system administrators, and developers who want to take advantage of the benefits of Azure Sentinel to protect their environments.
Course contents
Unit 1: Implementation of Azure Security Center. Access to instant virtual machines
Unit 2: What is Azure Sentinel? Azure Sentinel prerequisites. Azure Monitor, alert management, connected sources and log analysis.
- Demo: Configuring Azure Sentinel prerequisites
Unit 3: Azure Sentinel Portal Details
Unit 4: Core operations pillars of Azure Sentinel. Directives and Recommendations
Unit 5: Threat hunting with Azure Sentinel.
Unit 6: Create Crash Dashboards with Sentinel Workbooks
Unit 7: Automating Threat Response Using Sentinel Playbooks
Unit 8: Incident investigation with Azure Sentinel
Practices:
- Task 1: Deploy an Azure virtual machine
- Task 2: Create a Log Analytics workspace
- Task 3: Enable the Log Analytics Virtual Machine Extension
- Task 4: Collect virtual machine performance and event data
- Task 5: View and query collected data
- Task 6: Implement a security center
- Task 7: Configure Azure Security Center
- Task 8: Implement Security Center recommendations for installing the Guest Configuration extension
- Task 9: Implement Just In Time for Virtual Machines
- Task 10: Create a proof of concept with Azure Sentinel
- Task 11: Get data from Azure Activity and Security Center
- Task 12: Create and manage default and custom alerts
- Task 13: Using workbooks to automate incident responses
- Task 14: Access and manage Azure Sentinel
- Task 15: Connection activity with Azure Sentinel
- Task 16: Create a rule that uses the Azure Activity Data Connector.
- Task 17: Design and creation of workbooks
- Task 18: Invoke incidents and review associated actions.
By the end of the practices you will have created an Azure Sentinel workspace, connected it to Azure activity logs, created a playbook, created custom alerts that are triggered in response to the deletion of just-in-time virtual machine access policies, and verified that the configuration is valid.
Prerequisites
To take this course, it is recommended to have prior knowledge of the following topics:
- Azure and its services, especially those related to security, storage and identity.
- Windows and Linux, and their administration and monitoring tools.
- Office 365 and Azure AD, and their security and auditing features.
- Basic concepts of networks, protocols and devices.
- Kusto Query Language (KQL) queries and programming logic.
Other training modalities
If you are interested in taking this course in telepresence mode, contact us: Email: info@nanforiberica.com, Telephone: +34 91 031 66 78, WhatsApp: +34 685 60 05 91