Planning and implementing Microsoft Sentinel (SIEM & SOAR) - M55610A

Planning and implementing Microsoft Sentinel (SIEM & SOAR) course - M55610A

This hands-on course helps you become familiar with Microsoft Sentinel and gives you hands-on experience with product features, capabilities, and scenarios.

During the course, you will deploy a Microsoft Sentinel workspace and ingest pre-recorded data to simulate scenarios demonstrating various Microsoft Sentinel features.

Microsoft Sentinel - SIEM and SOAR with Azure - Microsoft Sentinel Deployment - Microsoft SIEM SOAR - Azure Cloud Security - Microsoft Sentinel Advanced Course

Addressed to

This course is intended for IT professionals and Azure administrators who have some experience managing and configuring Azure, but want to gain knowledge about implementing Microsoft's SIEM/SOAR solution, Microsoft Sentinel.

Training objectives

The purpose of this course is to train participants to:

• Plan and implement Microsoft Sentinel as a SIEM and SOAR solution.
  
• Configure Log Analytics workspaces and connect relevant data sources.
  
• Implement analysis rules for threat detection.
  
• Automate incident responses using playbooks and automation logic.
  
• Integrate Sentinel with other Microsoft security solutions, such as Defender for Cloud and Azure Key Vault.
  
• Conduct threat research and apply threat hunting techniques.
  
• Optimize security monitoring in hybrid and multicloud environments.

Course Content: Planning and Implementing Microsoft Sentinel (SIEM & SOAR)

Module 1: Microsoft Sentinel Overview

Lessons:

• Microsoft Sentinel Overview
  
• Data ingestion methods
  
• Microsoft Sentinel for MSSP
  
• Analysis of user and entity behavior
  
• Fusion
  
• Notebooks
  
• Management and automation tools
  
• Records and costs

Module 2: KQL

Lessons:

• Importance of KQL in Azure
  
• The user interface (demo)
  
• The standard KQL structure
  
• Common KQL Commands

Module 3: Data Connectors

Lessons:

• Manage content in Microsoft Sentinel
  
• Connect data to Microsoft Sentinel using data connectors
  
• Connect Microsoft services to Microsoft Sentinel
  
• Connect Microsoft 365 Defender to Microsoft Sentinel
  
• Connect Windows hosts to Microsoft Sentinel
  
• Connect Common Event Format logs to Microsoft Sentinel
  
• Connect syslog data sources to Microsoft Sentinel
  
• Connect threat indicators to Microsoft Sentinel

Module 4 – Analysis Rules

Lessons:

• Threat detection with Microsoft Sentinel analysis
  
• Automation in Microsoft Sentinel
  
• Responding to threats with Microsoft Sentinel manuals

Module 5 – Incident Management

Lessons:

• Incident Management Overview
  
• Analysis of user and entity behavior
  
• Data normalization in Microsoft Sentinel
  
• Query, visualize, and monitor data

Module 6 – Hunting

Lessons:

• Threat Hunting Concepts
  
• Threat Hunting with Microsoft Sentinel
  
• Use the job search feature in Microsoft Sentinel
  
• Threat hunting using notebooks

Module 7 – Watchlists

Lessons:

• Prioritize incidents
  
• Import business data
  
• Reduce alert fatigue
  
• Enrich event data

Module 8 – Threat Intelligence

Lessons:

• Threat Intelligence Overview
  
• Threat Intelligence in Microsoft Sentinel

Prerequisites

To get the most out of this course, it is recommended:

Basic knowledge of:

• Microsoft Azure and its portal.
  
• Cloud security and SIEM/SOAR concepts.
  
• Azure management, including role-based access control (RBAC).

Familiarity with:

• Azure Monitor, Log Analytics and Azure Security Center.
  
• Automation and incident response concepts.

Language

• Course: English

• Labs: English