SC-5001 Configure SIEM security operations using Microsoft Sentinel
- Course Duration
- 1 Days
Need Group Training
Course Description
Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses. After completing this course, students will be able to:
- Create and configure a Microsoft Sentinel workspace
- Deploy a Microsoft Sentinel content hub solution
- Connect Windows hosts to Microsoft Sentinel
- Configure analytics rules in Microsoft Sentinel
- Configure automation in Microsoft Sentinel
Course Outline
1 – Create and manage Microsoft Sentinel workspaces
- Plan for the Microsoft Sentinel workspace
- Create a Microsoft Sentinel workspace
- Manage workspaces across tenants using Azure Lighthouse
- Understand Microsoft Sentinel permissions and roles
- Manage Microsoft Sentinel settings
- Configure logs
- Module assessment
2 – Connect Microsoft services to Microsoft Sentinel
- Plan for Microsoft services connectors
- Connect the Microsoft 365 connector
- Connect the Microsoft Entra connector
- Connect the Microsoft Entra ID Protection connector
- Connect the Azure Activity connector
- Module assessment
3 – Connect Windows hosts to Microsoft Sentinel
- Plan for Windows hosts security events connector
- Connect using the Windows Security Events via AMA Connector
- Connect using the Security Events via Legacy Agent Connector
- Collect Sysmon event logs
- Module assessment
4 – Threat detection with Microsoft Sentinel analytics
- What is Microsoft Sentinel Analytics?
- Types of analytics rules
- Create an analytics rule from templates
- Create an analytics rule from wizard
- Manage analytics rules
5 – Automation in Microsoft Sentinel
- Understand automation options
- Create automation rules
- Module assessment