
Udemy – Microsoft Sentinel course with hands on sims for beginners
English | Tutorial | Size: 3.82 GB
Learn how to expertly administer Microsoft Sentinel (including SOAR and SIEM) with hands-on experience!
We really hope you’ll agree that this training is way more than the average course on Udemy!
Have access to the following:
Training from an instructor with over 20 years of experience who has trained thousands of people and is also a Microsoft Certified Trainer
Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material
Instructor-led hands-on exercises and simulations for practice that can be followed even if you have little to no experience
TOPICS COVERED INCLUDING HANDS-ON LECTURE AND PRACTICE TUTORIALS:
Introduction
Welcome to the course
Understanding the Microsoft Environment
Foundations of Active Directory Domains
Foundations of RAS, DMZ, and Virtualization
Foundations of the Microsoft Cloud Services
DON'T SKIP: The first thing to know about Microsoft cloud services
DON'T SKIP: Azure AD is now renamed to Entra ID
Questions for John Christopher
Performing hands-on activities
DON'T SKIP: Using Assignments in the course
Creating a free Microsoft 365 Account
Getting your free Azure credit
Understanding and setting up a Microsoft Sentinel Workspace
Overview of Microsoft Sentinel
Configuring a Microsoft Sentinel workspace
Managing roles regarding Sentinel
Managing log types, log retention, and data storage in Sentinel
Working with data connectors and ingestion in Microsoft Sentinel
Microsoft Sentinel data source identification
Content hub solutions in Microsoft Sentinel
Kusto Query Language (KQL) will get covered later in the course
Microsoft connectors for Azure, including Azure Policy & diagnostics
Azure Monitor Agent (AMA) and data collection rules
Using Syslog and Common Event Format (CEF) event collections
Working with Windows Security events and Windows Event Forwarding (WEF) collections
How to create custom log tables in the workspace
Ingesting Azure and Entra ID data
Monitoring data ingestion
Using analytics rules in Microsoft Sentinel
Using entities for classification and analysis
Understanding analytics rules in Microsoft Sentinel
Working with analytics rules
Advanced Security Information Model (ASIM) queries with Microsoft Sentinel
Behavioral analytics in Microsoft Sentinel
Dealing with incidents in Microsoft Sentinel
Incident investigation and remediation in Microsoft Sentinel
Concepts of automation rules and Microsoft Sentinel playbooks
Working with automation rules in Microsoft Sentinel
Working with playbooks in Microsoft Sentinel
Concepts of running playbooks against on-premises resources
Understanding hunting with Kusto Query Language (KQL)
Concepts of Kusto Query Language (KQL)
Using Microsoft’s demo environment for learning KQL
Using basic KQL syntax
Filtering based on time ranges with KQL
Displaying columns, amounts and characters with KQL
Working with variables and combining output data with KQL
Looking at threat analytics by using KQL in Defender
Using Microsoft’s Sentinel and Defender repository for hunting queries
Threat hunting with queries and managing workbooks
Using the MITRE ATT&CK matrix
Working with threat indicators
Working with hunts in Microsoft Sentinel
How to monitor hunting queries
Using hunting bookmarks
Restoring archived log data
Working with search jobs
Using workbook templates
Using custom workbooks that include KQL
Adjusting workbook visualizations
Conclusion
Cleaning up your lab environment
Getting a Udemy certificate
BONUS Where do I go from here?