Watch this video to learn how to use and manage Microsoft Sentinel.
GET THE FULL COURSE HERE: [ Link ]
Understanding and setting up a Microsoft Sentinel Workspace
*Overview of Microsoft Sentinel
*Configuring a Microsoft Sentinel workspace
*Managing Microsoft Sentinel roles and permissions
*Managing log types, log retention, and data storage in Sentinel
Working with data connectors and ingestion in Microsoft Sentinel
*Microsoft Sentinel data source identification
*Setting up connectors for ingesting data into Microsoft Sentinel
*Connecting Sentinel with Microsoft 365 Defender and Defender for Cloud
*Collecting Common Event Format (CEF) and Syslog events
*Setting up Windows security event collection in Microsoft Sentinel
*Managing threat intelligence connectors in Microsoft Sentinel
*Working with custom log tables
Using analytics rules in Microsoft Sentinel
*Understanding analytics rules in Microsoft Sentinel
*Fusion rule configuration
*Microsoft security analytics rules
*Working with scheduled query rules in Microsoft Sentinel
*Custom scheduled query rules
*Working with near-real-time (NRT) analytics rules
*Content hub analytics rules
*Watchlists in Microsoft Sentinel
*Threat indicators in Microsoft Sentinel
GET THE REST OF THE COURSE HERE: [ Link ]
Classification, normalization and security orchestration, automation and response (SOAR)
*Using entities to classify and analyze data
*Advanced Security Information Model (ASIM) queries in Microsoft Sentinel
*ASIM parser management
*Using automation rules
*Using playbooks in Microsoft Sentinel
*Triggering automation rules from analytics rules
*Triggering playbooks from alerts and incidents
Handling incidents and using workbooks to analyze and interpret data
*Incident generation in Microsoft Sentinel
*Triaging incidents in Microsoft Sentinel
*Microsoft Sentinel incident investigation
*How to respond to Microsoft Sentinel incidents
*Multi-workspace incident investigation
*Workbook template customization and management
*Implementing custom workbooks in Microsoft Sentinel
*Working with advanced visualizations
Threat hunting and entity behavior analytics in Microsoft Sentinel
*MITRE ATT&CK tactics and techniques in Microsoft Sentinel
*Using hunting queries from the content gallery
*Hunting query customization
*Data investigations with hunting bookmarks
*Using Livestream to monitor hunting queries
*Retrieving archived log data in Microsoft Sentinel
*Search job management in Microsoft Sentinel
*User and Entity Behavior Analytics (UEBA) settings
*Investigating threats with entity pages
*Anomaly detection analytics rules in Microsoft Sentinel