Implementing Cloud Native SecOps with Azure Sentinel


Duration: 2 Days
Level: Intermediate
Learning Mode: Live Online Instructor-Led Training
In this online workshop, you will get hands-on experience and learn how to discover and analyze threats using Azure Sentinel. You will learn how to help your customers automate their Security Operations to make them more effective. This workshop will help you understand how Microsoft 365 and Azure security products can help you mitigate and protect against the threats present in a given customer environment, and help you build a business case for the production deployment of Azure Sentinel.

Audience Profile

  • SecOps Engineers
  • Cloud security administrators
  • SIEM/SOAR administrators

Skills Gained

You will gain hands-on experience and learn how to discover and analyze threats using Azure Sentinel. This workshop will help you understand how Microsoft 365 and Azure security products can help you mitigate and protect against the threats present in a given customer environment, and help you build a business case for the production deployment of Azure Sentinel.

Course Agenda

Module 1: Modernize your Security Operations with Azure Sentinel 

Cloud-based SecOps simplifies security and makes it easy to manage. It harnesses the power of the cloud, frees your SecOps teams from IT work, and helps them focus on security work with no limits. This session will introduce Azure Sentinel – Microsoft’s new intelligent, cloud-native SIEM.

LAB: Getting Started with Azure Sentinel

Module 2: Dive on Correlation Rules, Threat Intelligence and KQL 

In this session you will learn about rules, correlation rules, threat intelligence and Kusto Query Language (KQL) in Azure Sentinel.

LAB: Working with Data Connectors, Workbooks, Analytics and Alerts

Module 3: Investigating Identity Actions and Deep Dive into Threat Hunting 

In this session you will get an insight into identity, tackling identity with a SIEM, and out-of-the-box identity analytics, as well as into the threat hunting process with Azure Sentinel.

LAB: Working with Incidents, Investigations and Threat Hunting

Module 4: Azure Sentinel end-to-end SOC

In this session we will walk through the SOC incident workflow and discuss creating rules, triaging an incident, investigating an incident and responding. We will also discuss the MSSP (Managed Security Service Provider).

LAB: Automation with Playbooks
