Overview
-
Learn how to implement and administer Azure Sentinel, a cloud-native security event and information management (SEIM) system that detects threats while automating threat responses.
Syllabus
-
Introduction
- Need a central point of analysis for security events?
- What you should know
- Lab setup
- Sentinel feature flyover
- Onboarding Microsoft Sentinel
- Kusto query language quickstart
- Connecting Microsoft services
- Connecting external services
- Integrating threat intelligence
- Detecting threats
- Investigating incidents
- Responding to threats with playbooks
- Security orchestration, automation, and response (SOAR)
- UEBA and machine learning
- Threat hunting basics
- Hunting with bookmarks
- Hunting with notebooks
- Workbooks and dashboards
- Integrating with M365 Defender
- Next steps
