Training plan
Module 1: Create and manage Microsoft Sentinel workspaces
- Introduction
- Plan for the Microsoft Sentinel workspace
- Create a Microsoft Sentinel workspace
- Manage workspaces across tenants using Azure Lighthouse
- Understand Microsoft Sentinel permissions and roles
- Manage Microsoft Sentinel settings
- Configure logs
Module 2: Connect Microsoft services to Microsoft Sentinel
- Introduction
- Plan for Microsoft services connectors
- Connect the Microsoft Office 365 connector
- Connect the Microsoft Entra connector
- Connect the Microsoft Entra ID Protection connector
- Connect the Azure Activity connector
Module 3: Connect Windows hosts to Microsoft Sentinel
- Introduction
- Plan for Windows hosts security events connector
- Connect using the Windows Security Events via AMA Connector
- Connect using the Security Events via Legacy Agent Connector
- Collect Sysmon event logs
Module 4: Threat detection with Microsoft Sentinel analytics
- Introduction
- Exercise – Detect threats with Microsoft Sentinel analytics
- What is Microsoft Sentinel Analytics?
- Types of analytics rules
- Create an analytics rule from templates
- Create an analytics rule from wizard
- Manage analytics rules
- Exercise – Detect threats with Microsoft Sentinel analytics
Module 5: Automation in Microsoft Sentinel
- Introduction
- Understand automation options
- Create automation rules
Module 6: Configure SIEM security operations using Microsoft Sentinel
- Introduction
- Exercise – Configure SIEM operations using Microsoft Sentinel
- Exercise – Install Microsoft Sentinel Content Hub solutions and data connectors
- Exercise – Configure a data connector Data Collection Rule
- Exercise – Perform a simulated attack to validate the Analytic and Automation rules
Recommended Prerequisite Knowledge
- Fundamental understanding of Microsoft Azure
- Basic understanding of Microsoft Sentinel
- Experience using Kusto Query Language (KQL) in Microsoft Sentinel
Credentials and certification
Features
- Preparatory training for obtaining a Microsoft Applied Skills credential.
- Performance is assessed through an interactive remote lab.
- Duration: 120 minutes
- Cost: $0
Assessment’s technical tasks
- Create and configure a Microsoft Sentinel workspace
- Deploy a Microsoft Sentinel content hub solution
- Configure analytics rules in Microsoft Sentinel
- Configure automation in Microsoft Sentinel