Implementing Cloud Native SecOps with Azure Sentinel

Audience Profile

• SecOps Engineers
• Cloud security administrators
• SIEM/SOAR administrators

  Skill Gained

Hands-on experience and learn how to discover and analyze threats using Azure Sentinel. This workshop will help you understand how Microsoft 365 and Azure security products can help you mitigate and protect against the threats present in a given customer environment, and help you build a business case for the production deployment of Azure Sentinel.

Module 1: Modernize your Security Operations with Azure Sentinel 

Cloud based SecOps simplifies and makes security easy to manage. It harnesses the power of cloud and sets your SecOps teams free of IT work and helps them focus on security work with no limits. This session will introduce Azure Sentinel – Microsoft’s new intelligent, cloud-native SIEM. 

LAB: Getting Started with Azure Sentinel

Module 2: Dive on Correlation Rules, Threat Intelligence and KQL 

In this session you will learn about Rules, Correlation rules, Threat Intelligence and Kusto Query Language (KQL) in Azure Sentinel.

LAB: Working with Data Connectors,  Workbooks, Analytics and Alerts

Module 3: Investigating Identity Actions and Deep Dive into Threat Hunting 

In this session you will  get an insight into Identity, tackling identity with SIEM, out of box identity analytics, as well as into the threat hunting process with Azure Sentinel. 

Lab: Working with Incidents, Investigations and Threat Hunting

Module 4: Azure Sentinel end-to-end SOC

In this session we will see the SOC Incident Workflow, we will discuss about creating rules, triage an incident, investigate an incident and responding. We will also discuss about MSSP (Managed Security Service Provider).  

LAB: Automation with Playbooks