Configure SIEM security operations using Microsoft Sentinel
Course description
Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses.
Note: You need an Azure subscription to complete the exercises. If you don't have an Azure subscription, create a free account (https://azure.microsoft.com/en-us/free/?azure-portal=true) and add a subscription before you begin.
Objectives
Prerequisites
- Fundamental understanding of Microsoft Azure
- Basic understanding of Microsoft Sentinel
- Experience using Kusto Query Language (KQL) in Microsoft Sentinel
Contents
- Introduction
- Plan for the Microsoft Sentinel workspace
- Create a Microsoft Sentinel workspace
- Manage workspaces across tenants using Azure Lighthouse
- Understand Microsoft Sentinel permissions and roles
- Manage Microsoft Sentinel settings
- Configure logs
- Knowledge check
- Introduction
- Plan for Microsoft services connectors
- Connect the Microsoft Office 365 connector
- Connect the Microsoft Entra connector
- Connect the Microsoft Entra ID Protection connector
- Connect the Azure Activity connector
- Knowledge check
- Introduction
- Plan for Windows hosts security events connector
- Connect using the Windows Security Events via AMA Connector
- Connect using the Security Events via Legacy Agent Connector
- Collect Sysmon event logs
- Knowledge check
- Introduction
- Exercise - Detect threats with Microsoft Sentinel analytics
- What is Microsoft Sentinel Analytics?
- Types of analytics rules
- Create an analytics rule from templates
- Create an analytics rule from wizard
- Manage analytics rules
- Exercise - Detect threats with Microsoft Sentinel analytics
- Introduction
- Understand automation options
- Create automation rules
- Knowledge check
- Introduction
- Exercise - Configure SIEM operations using Microsoft Sentinel
- Exercise - Install Microsoft Sentinel Content Hub solutions and data connectors
- Exercise - Configure a data connector Data Collection Rule
- Exercise - Perform a simulated attack to validate the Analytic and Automation rules