Microsoft Security Operations Analyst (MCS_SC-200)

Expert, Developer, Beginner
4 Days
Price: 1,990.00 €

Content

  • Module 1: Mitigating threats with Microsoft 365 Defender
    Analyze threat data across domains and remediate threats quickly with the built-in orchestration and automation in Microsoft 365 Defender. Learn about cybersecurity threats and how Microsoft's new threat protection tools protect your organization's users, devices, and data. Use advanced identity-based threat detection and remediation to protect your Azure Active Directory identities and applications from attacks.
    Lesson
    - Introduction to Microsoft 365 threat protection
    - Mitigate incidents with Microsoft 365 Defender
    - Protect your identities with Azure AD Identity Protection
    - Remediate risks with Microsoft Defender for Office 365
    - Secure your environment with Microsoft Defender for Identity
    - Secure your cloud applications and services with Microsoft Defender for Cloud Apps
    - Respond to data loss alerts with Microsoft 365
    - Manage insider risks in Microsoft 365
    Lab: Defend against threats with Microsoft 365 Defender
    - Explore Microsoft 365 Defender
    After completing this module, participants will be able to
    - Explain how the threat landscape is evolving
    - Manage incidents in Microsoft 365 Defender
    - Perform advanced hunting in Microsoft 365 Defender
    - Investigate alerts in Microsoft 365 Defender
    - Describe the investigation and remediation capabilities of Azure Active Directory Identity Protection
    - Explain how Cloud Discovery helps you see what is going on in your organization
  • Module 2: Mitigating threats with Microsoft Defender for Endpoint
    Deploy the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats. Learn how Microsoft Defender for Endpoint can help your organization stay secure. Learn how to deploy the Microsoft Defender for Endpoint environment, including device onboarding and security configuration. Learn how to investigate incidents and alerts with Microsoft Defender for Endpoint, perform advanced hunting, and consult with threat experts. You will also learn how to configure automation in Microsoft Defender for Endpoint by managing environment settings. Finally, you will learn how to identify vulnerabilities in your environment using threat and vulnerability management in Microsoft Defender for Endpoint.
    Lesson
    - Protect against threats with Microsoft Defender for Endpoint
    - Deploy the Microsoft Defender for Endpoint environment
    - Implement Windows security enhancements with Microsoft Defender for Endpoint
    - Perform device investigations in Microsoft Defender for Endpoint
    - Perform actions on a device with Microsoft Defender for Endpoint
    - Perform evidence and entity investigations with Microsoft Defender for Endpoint
    - Configure and manage automation with Microsoft Defender for Endpoint
    - Configure alerts and detections in Microsoft Defender for Endpoint
    - Use vulnerability management in Microsoft Defender for Endpoint
    Lab: Deploying Microsoft Defender for Endpoint
    - Initialize Microsoft Defender for Endpoint
    - Onboard a device
    - Configure roles
    - Configure device groups
    Exercise: Defending against attacks with Microsoft Defender for Endpoint
    - Simulated attacks
    After completing this module, participants will be able to
    - Define the features of Microsoft Defender for Endpoint
    - Configure the Microsoft Defender for Endpoint environment settings
    - Configure rules to reduce the attack surface on Windows devices
    - Describe the forensic information Microsoft Defender for Endpoint collects about devices
    - Perform forensic data collection with Microsoft Defender for Endpoint
    - Investigate user accounts in Microsoft Defender for Endpoint
    - Manage automation settings in Microsoft Defender for Endpoint
    - Manage indicators in Microsoft Defender for Endpoint
    - Describe threat and vulnerability management in Microsoft Defender for Endpoint
  • Module 3: Mitigating threats with Microsoft Defender for Cloud
    Use Microsoft Defender for Cloud to protect and secure Azure, hybrid cloud, and on-premises workloads. Learn about the purpose of Microsoft Defender for Cloud and how to enable it. You will also learn about the protections and detections Microsoft Defender for Cloud provides for each cloud workload. Learn how to add Microsoft Defender for Cloud capabilities to your hybrid environment.
    Lesson
    - Plan protections for cloud workloads with Microsoft Defender for Cloud
    - Connect Azure resources to Microsoft Defender for Cloud
    - Connect non-Azure resources to Microsoft Defender for Cloud
    - Manage your cloud security posture
    - Understand how to protect cloud workloads in Microsoft Defender for Cloud
    - Remediate security alerts with Microsoft Defender for Cloud
    Exercise: Mitigating threats with Microsoft Defender for Cloud
    - Microsoft Sentinel
    - Enable Microsoft Defender for Cloud
    - Defend against attacks with Microsoft Defender for Cloud
    After completing this module, participants will be able to
    - Describe the features of Microsoft Defender for Cloud
    - Explain which workloads are protected by Microsoft Defender for Cloud
    - Explain how the protection features of Microsoft Defender for Cloud work
    - Configure automatic provisioning in Microsoft Defender for Cloud
    - Describe manual provisioning in Microsoft Defender for Cloud
    - Connect non-Azure machines to Microsoft Defender for Cloud
    - Describe alerts in Microsoft Defender for Cloud
    - Remediate alerts in Microsoft Defender for Cloud
    - Automate responses in Microsoft Defender for Cloud
  • Module 4: Creating queries for Microsoft Sentinel with Kusto Query Language (KQL)
    Write Kusto Query Language (KQL) statements to query log data for detection, analysis, and reporting in Microsoft Sentinel. This module focuses on the most commonly used operators; the sample KQL statements query security-related tables. KQL is the query language used to analyze data and to build analytics rules, workbooks, and hunting queries in Microsoft Sentinel. Learn how the basic KQL statement structure forms the basis for more complex statements. Learn how to summarize and visualize data with KQL as the foundation for building detections in Microsoft Sentinel. Learn how to use KQL to manipulate string data ingested from log sources.
    Lesson
    - Construct KQL statements for Microsoft Sentinel
    - Analyze query results with KQL
    - Build multi-table statements with KQL
    - Work with data in Microsoft Sentinel using Kusto Query Language
    Lab: Creating queries for Microsoft Sentinel using Kusto Query Language (KQL)
    - Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
    After completing this module, participants will be able to
    - Construct KQL statements
    - Search log files for security events using KQL
    - Filter searches by event time, severity, domain, and other relevant data using KQL
    - Summarize data using KQL statements
    - Render visualizations using KQL statements
    - Extract data from unstructured string fields with KQL
    - Extract data from structured string data with KQL
    - Create functions with KQL
  • Module 5: Configuring your Microsoft Sentinel environment
    Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace. Traditional SIEM (Security Information and Event Management) systems are usually very time-consuming to set up and configure, and they are not necessarily designed for cloud workloads. With Microsoft Sentinel, you can quickly gain valuable security insights from your cloud and on-premises data. This module will help you get started. Learn the architecture of Microsoft Sentinel workspaces so that you can configure your system to meet your organization's security operations needs. As a Security Operations Analyst, you need to understand the tables, fields, and data that are included in your workspace. Learn how to query the most commonly used data tables in Microsoft Sentinel.
    Lesson
    - Introduction to Microsoft Sentinel
    - Create and manage Microsoft Sentinel workspaces
    - Query logs in Microsoft Sentinel
    - Use watchlists in Microsoft Sentinel
    - Use threat intelligence in Microsoft Sentinel
    Exercise: Configure your Microsoft Sentinel environment
    - Configure your Microsoft Sentinel environment
    After completing this module, participants will be able to
    - Identify the various components and features of Microsoft Sentinel
    - Identify use cases where Microsoft Sentinel is a good solution
    - Describe the architecture of the Microsoft Sentinel workspace
    - Install a Microsoft Sentinel workspace
    - Manage a Microsoft Sentinel workspace
    - Create a watchlist in Microsoft Sentinel
    - Use KQL to access the watchlist in Microsoft Sentinel
    - Manage threat indicators in Microsoft Sentinel
    - Use KQL to access threat indicators in Microsoft Sentinel
  • Module 6: Connecting logs to Microsoft Sentinel
    Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and across multiple clouds, with Microsoft Sentinel. The primary approach to connecting log data is to use the data connectors provided by Microsoft Sentinel. This module provides an overview of the available data connectors. You will learn about the configuration options and the data provided by the Microsoft Sentinel connectors for Microsoft 365 Defender.
    Lesson
    - Connect data to Microsoft Sentinel using data connectors
    - Connect Microsoft services to Microsoft Sentinel
    - Connect Microsoft 365 Defender to Microsoft Sentinel
    - Connect Windows hosts to Microsoft Sentinel
    - Connect Common Event Format logs to Microsoft Sentinel
    - Connect syslog data sources to Microsoft Sentinel
    - Connect threat indicators to Microsoft Sentinel
    Exercise: Connecting logs to Microsoft Sentinel
    - Connect data to Microsoft Sentinel using data connectors
    - Connect Microsoft services to Microsoft Sentinel
    - Connect Microsoft 365 Defender to Microsoft Sentinel
    - Connect Windows hosts to Microsoft Sentinel
    - Connect Common Event Format logs to Microsoft Sentinel
    - Connect syslog data sources to Microsoft Sentinel
    - Connect threat indicators to Microsoft Sentinel
    Exercise: Connecting logs with Microsoft Sentinel
    - Connect data to Microsoft Sentinel using data connectors
    - Connect Windows devices to Microsoft Sentinel using data connectors
    - Connect Linux hosts to Microsoft Sentinel using data connectors
    - Connect threat intelligence to Microsoft Sentinel using data connectors
    After completing this module, participants will be able to
    - Explain the use of data connectors in Microsoft Sentinel
    - Explain the differences between the Common Event Format and Syslog connectors in Microsoft Sentinel
    - Connect Microsoft service connectors
    - Explain how connectors automatically create incidents in Microsoft Sentinel
    - Enable the Microsoft 365 Defender connector in Microsoft Sentinel
    - Connect Azure Windows virtual machines to Microsoft Sentinel
    - Connect non-Azure Windows hosts to Microsoft Sentinel
    - Configure the Log Analytics agent to collect Sysmon events
    - Explain the deployment options of the Common Event Format connector in Microsoft Sentinel
    - Configure the TAXII connector in Microsoft Sentinel
    - View threat indicators in Microsoft Sentinel
  • Module 7: Creating detections and performing investigations with Microsoft Sentinel
    Detect previously undetected threats and remediate them quickly with Microsoft Sentinel's built-in orchestration and automation. You will learn how to create Microsoft Sentinel playbooks to respond to security threats. You will explore Microsoft Sentinel incident management, learn about Microsoft Sentinel events and entities, and discover ways to remediate incidents. You will also learn how to query, visualize, and monitor data in Microsoft Sentinel.
    Lesson
    - Threat detection with Microsoft Sentinel analytics
    - Automation in Microsoft Sentinel
    - Respond to threats with Microsoft Sentinel playbooks
    - Manage security incidents in Microsoft Sentinel
    - Identify threats with entity behavior analytics in Microsoft Sentinel
    - Normalize data in Microsoft Sentinel
    - Query, visualize, and monitor data in Microsoft Sentinel
    - Manage content in Microsoft Sentinel
    Exercise: Create detections and perform investigations with Microsoft Sentinel
    - Modify a Microsoft Security rule
    - Create a playbook
    - Create a scheduled query
    - Understand detection modeling
    - Perform attacks
    - Create detections
    - Investigate incidents
    - Create workbooks
    After completing this module, participants will be able to
    - Explain the importance of Microsoft Sentinel analytics
    - Create rules from templates
    - Manage rules with modifications
    - Explain the SOAR capabilities of Microsoft Sentinel
    - Create a playbook to automate an incident response
    - Investigate and manage incident resolution
    - Explain user and entity behavior analytics in Microsoft Sentinel
    - Explore entities in Microsoft Sentinel
    - Visualize security data with Microsoft Sentinel workbooks
  • Module 8: Performing threat hunting in Microsoft Sentinel
    In this module, you will learn how to proactively identify threat behavior using Microsoft Sentinel queries. You will also learn how to use bookmarks and livestream for threat hunting, and how to use notebooks in Microsoft Sentinel for advanced hunting.
    Lesson
    - Explain threat hunting concepts in Microsoft Sentinel
    - Threat hunting with Microsoft Sentinel
    - Use search jobs in Microsoft Sentinel
    - Hunt for threats using notebooks in Microsoft Sentinel
    Exercise: Threat hunting in Microsoft Sentinel
    - Perform threat hunting in Microsoft Sentinel
    - Threat hunting with notebooks in Microsoft Sentinel
    After completing this module, participants will be able to
    - Describe threat hunting concepts in Microsoft Sentinel
    - Define a threat hunting hypothesis for use in Microsoft Sentinel
    - Use queries to hunt for threats
    - Monitor threats over time with livestream
    - Explore API libraries for advanced threat hunting in Microsoft Sentinel
    - Create and use notebooks in Microsoft Sentinel
  • Upon completion of the course
    Upon completion of this course, participants will be able to
    - Explain how Microsoft Defender for Endpoint can remediate risks in your environment
    - Manage a Microsoft Defender for Endpoint environment
    - Configure rules to reduce the attack surface on Windows devices
    - Perform actions on a device with Microsoft Defender for Endpoint
    - Investigate domains and IP addresses in Microsoft Defender for Endpoint
    - Investigate user accounts in Microsoft Defender for Endpoint
    - Configure alert settings in Microsoft 365 Defender
    - Perform hunting in Microsoft 365 Defender
    - Manage incidents in Microsoft 365 Defender
    - Explain how Microsoft Defender for Identity can remediate risks in your environment
    - Investigate DLP alerts in Microsoft Defender for Cloud Apps
    - Explain the types of actions you can take in insider risk management cases
    - Configure automatic provisioning in Microsoft Defender for Cloud Apps
    - Remediate alerts in Microsoft Defender for Cloud Apps
    - Construct KQL statements
    - Filter searches by event time, severity, domain, and other relevant data with KQL
    - Extract data from unstructured string fields with KQL
    - Manage a Microsoft Sentinel workspace
    - Use KQL to access the watchlist in Microsoft Sentinel
    - Manage threat indicators in Microsoft Sentinel
    - Explain the differences between the Common Event Format and Syslog connectors in Microsoft Sentinel
    - Connect Azure Windows virtual machines to Microsoft Sentinel
    - Configure the Log Analytics agent to collect Sysmon events
    - Create new analytics rules and queries with the analytics rule wizard
    - Create a playbook to automate a response to an incident
    - Use queries to hunt for threats
    - Monitor threats over time with livestream
  • Course description
    The Microsoft Security Operations Analyst works with the organization's stakeholders to secure the organization's IT systems. Their goal is to reduce organizational risk by quickly remediating active attacks in the environment, advising on improvements to threat protection procedures, and escalating violations of company policies to the appropriate parties. Responsibilities include threat management, monitoring, and response, using a variety of security solutions deployed across the environment. The role is primarily responsible for detecting, investigating, and responding to threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Because the Security Operations Analyst consumes the operational output of these tools, they are also a key stakeholder in the configuration and deployment of these technologies.

Start date: 16.12.2024, 09:00
End date: 19.12.2024, 17:00
Location: Virtual
Language: German
Price: 1,990.00 €
Seats available: 8

Interest list

You can add your name to the list of interested parties at any time and we will contact you as soon as the next dates have been defined.


If you are interested in customized training or have any other questions about this training, please contact us directly.

Get in Contact