Configure SIEM security operations using Microsoft Sentinel
- Course Code M-SC5001
- Duration 1 day
Course Delivery
Course Delivery
This course is available in the following formats:
-
Company Event
Event at company
-
Public Classroom
Traditional Classroom Learning
-
Virtual Learning
Learning that is virtual
Request this course in a different delivery format.
Course Overview
TopCourse Schedule
Top-
- Delivery Format: Virtual Learning
- Date: 26 January, 2026 | 9:00 AM to 5:00 PM
- Location: Virtual (Arab Stand)
- Language: English
-
- Delivery Format: Public Classroom
- Date: 26 January, 2026 | 9:00 AM to 5:00 PM
- Location: Riyadh (Arab Stand)
- Language: English
-
- Delivery Format: Virtual Learning
- Date: 26 February, 2026 | 8:00 AM to 4:00 PM
- Location: Virtual (Arab Stand)
- Language: English
-
- Delivery Format: Public Classroom
- Date: 26 February, 2026 | 9:00 AM to 5:00 PM
- Location: Dubai-Knowledge Village (Arabian St)
- Language: English
-
- Delivery Format: Virtual Learning
- Date: 25 May, 2026 | 9:00 AM to 5:00 PM
- Location: Virtual (Arab Stand)
- Language: English
-
- Delivery Format: Public Classroom
- Date: 25 May, 2026 | 9:00 AM to 5:00 PM
- Location: Cairo-Sheraton (Egypt Stan)
- Language: English
Course Content
TopModule 1 : Create and manage Microsoft Sentinel workspaces
Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
- Introduction
- Plan for the Microsoft Sentinel workspace
- Create a Microsoft Sentinel workspace
- Manage workspaces across tenants using Azure Lighthouse
- Understand Microsoft Sentinel permissions and roles
- Manage Microsoft Sentinel settings
- Configure logs
- Knowledge check
- Summary and resources
Module 2: Connect Microsoft services to Microsoft Sentinel
- Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.
- Introduction
- Plan for Microsoft services connectors
- Connect the Microsoft Office 365 connector
- Connect the Microsoft Entra connector
- Connect the Microsoft Entra ID Protection connector
- Connect the Azure Activity connector
- Knowledge check
- Summary and resources
Module 3: Connect Windows hosts to Microsoft Sentinel
One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.
- Introduction
- Plan for Windows hosts security events connector
- Connect using the Windows Security Events via AMA Connector
- Connect using the Security Events via Legacy Agent Connector
- Collect Sysmon event logs
- Knowledge check
- Summary and resources
Module 4: Threat detection with Microsoft Sentinel analytics
In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.
- Introduction
- Exercise - Detect threats with Microsoft Sentinel analytics
- What is Microsoft Sentinel Analytics?
- Types of analytics rules
- Create an analytics rule from templates
- Create an analytics rule from wizard
- Manage analytics rules
- Exercise - Detect threats with Microsoft Sentinel analytics
- Summary
Module 5: Automation in Microsoft Sentinel
By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automated incident management.
- Introduction
- Understand automation options
- Create automation rules
- Knowledge check
- Summary and resources
Module 6: Configure SIEM security operations using Microsoft Sentinel
In this module, you learned how to configure SIEM security operations using Microsoft Sentinel.
- Introduction
- Exercise - Configure SIEM operations using Microsoft Sentinel
- Exercise - Install Microsoft Sentinel Content Hub solutions and data connectors
- Exercise - Configure a data connector Data Collection Rule
- Exercise - Perform a simulated attack to validate the Analytic and Automation rules
- Summary
Course Prerequisites
Top- Fundamental understanding of Microsoft Azure
- Basic understanding of Microsoft Sentinel
- Experience using Kusto Query Language (KQL) in Microsoft Sentinel