Information Technology

SC-5001 Configure SIEM security operations using Microsoft Sentinel

Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses.

1 Day 8 Hrs 5 Lessons

SC-5001 Configure SIEM security operations using Microsoft Sentinel

Agenda

Plan for the Microsoft Sentinel workspace
Create a Microsoft Sentinel workspace
Manage workspaces across tenants using Azure Lighthouse
Understand Microsoft Sentinel permissions and roles
Manage Microsoft Sentinel settings
Configure logs

Plan for Microsoft services connectors
Connect the Microsoft Office 365 connector
Connect the Microsoft Entra connector
Connect the Microsoft Entra ID Protection connector
Connect the Azure Activity connector

Plan for Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs

What is Microsoft Sentinel Analytics?
Types of analytics rules
Create an analytics rule from templates
Create an analytics rule from wizard
Manage analytics rules

Understand automation options
Create automation rules
Configure SIEM security operations using Microsoft Sentinel

FREE

Interested in course?

Buy Course

Course Type: Instructor Led

course

SC-5001 Configure SIEM security operations using Microsoft Sentinel

Agenda

Lesson 1: Create and manage Microsoft Sentinel workspaces

Lesson 2: Connect Microsoft services to Microsoft Sentinel

Lesson 3: Connect Windows hosts to Microsoft Sentinel

Lesson 4: Threat detection with Microsoft Sentinel analytics

Lesson 5: Automation in Microsoft Sentinel

Tags

FREE