Contents
EXAM
Microsoft Security Operations Analyst
SC-200
4 days
- Minimize threats using Microsoft Defender for Endpoint
  - Protection against threats with Microsoft Defender for Endpoint
  - Deploying the Microsoft Defender for Endpoint environment
  - Implementing Windows 10 security extensions with Microsoft Defender for Endpoint
  - Managing alerts and incidents in Microsoft Defender for Endpoint
  - Device scans in Microsoft Defender for Endpoint
  - Performing actions on a device using Microsoft Defender for Endpoint
  - Investigating evidence and entities using Microsoft Defender for Endpoint
  - Configuring and managing automation using Microsoft Defender for Endpoint
  - Configuring alerts and detections in Microsoft Defender for Endpoint
  - Threat and vulnerability management in Microsoft Defender for Endpoint
- Minimize threats using Microsoft 365 Defender
  - Introduction to threat protection with Microsoft 365
  - Minimize incidents using Microsoft 365 Defender
  - Protecting identities with Azure AD Identity Protection
  - Eliminating risks with Microsoft Defender for Office 365
  - Protect your environment with Microsoft Defender for Identity
  - Securing cloud applications and services with Microsoft Cloud App Security
  - Responding to data loss alerts using Microsoft 365
  - Managing insider risks in Microsoft 365
- Minimize threats using Azure Defender
  - Planning the protection of cloud workloads using Azure Defender
  - Protection options for cloud workloads in Azure Defender
  - Connecting Azure Media Objects to Azure Defender
  - Connecting non-Azure resources to Azure Defender
  - Eliminating security alerts using Azure Defender
- Creating queries for Azure Sentinel using Kusto Query Language (KQL)
  - Constructing KQL statements for Azure Sentinel
  - Analyzing query results using KQL
  - Creating multi-table statements using KQL
  - Working with data in Azure Sentinel using Kusto Query Language
- Configuring the Azure Sentinel environment
  - Introduction to Azure Sentinel
  - Creating and managing Azure Sentinel workspaces
  - Querying logs in Azure Sentinel
  - Using Watchlists in Azure Sentinel
  - Using Threat Intelligence in Azure Sentinel
- Connecting logs to Azure Sentinel
  - Connect data to Azure Sentinel using data connectors
  - Connecting Microsoft services to Azure Sentinel
  - Connecting Microsoft 365 Defender to Azure Sentinel
  - Connecting Windows hosts to Azure Sentinel
  - Connecting Common Event Format logs to Azure Sentinel
  - Connecting syslog data sources to Azure Sentinel
  - Connecting threat indicators to Azure Sentinel
- Creating discoveries and conducting investigations using Azure Sentinel
  - Discover threats with Azure Sentinel analytics
  - Responding to threats with Azure Sentinel Playbooks
  - Managing security incidents in Azure Sentinel
  - Analyzing entity behavior in Azure Sentinel
  - Querying, visualizing, and monitoring data in Azure Sentinel
- Threat hunting in Azure Sentinel
  - Search for threats with Azure Sentinel
  - Threat detection using notebooks in Azure Sentinel
Goal
In this seminar, you will learn how to minimize cyber threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. Specifically, you will configure and use Azure Sentinel and Kusto Query Language (KQL) for discovery, analysis, and reporting.
The seminar can also be used to prepare for the Microsoft Security Operations Analyst certification.
Requirements
- Basic understanding of Microsoft 365
- Basic understanding of Microsoft security, compliance, and identity products
- Understanding of Windows 10
- Familiarity with Azure services, especially Azure SQL Database and Azure Storage
- Familiarity with Azure virtual machines and virtual networking
- Basic understanding of scripting concepts
Miscellaneous
- Services already included in the seminar price:
  - Conference catering
  - Digital Microsoft training materials
- Possible additional expenses:
  - Overnight stays
  - Additional catering
  - Examination fee