Configure SIEM security operations using Microsoft Sentinel

Module 1 : Create and manage Microsoft Sentinel workspaces

Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.

• Introduction
• Plan for the Microsoft Sentinel workspace
• Create a Microsoft Sentinel workspace
• Manage workspaces across tenants using Azure Lighthouse
• Understand Microsoft Sentinel permissions and roles
• Manage Microsoft Sentinel settings
• Configure logs
• Knowledge check
• Summary and resources

Module 2: Connect Microsoft services to Microsoft Sentinel

• Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.
• Introduction
• Plan for Microsoft services connectors
• Connect the Microsoft Office 365 connector
• Connect the Microsoft Entra connector
• Connect the Microsoft Entra ID Protection connector
• Connect the Azure Activity connector
• Knowledge check
• Summary and resources

Module 3: Connect Windows hosts to Microsoft Sentinel

One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.

• Introduction
• Plan for Windows hosts security events connector
• Connect using the Windows Security Events via AMA Connector
• Connect using the Security Events via Legacy Agent Connector
• Collect Sysmon event logs
• Knowledge check
• Summary and resources

Module 4: Threat detection with Microsoft Sentinel analytics

In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.

• Introduction
• Exercise - Detect threats with Microsoft Sentinel analytics
• What is Microsoft Sentinel Analytics?
• Types of analytics rules
• Create an analytics rule from templates
• Create an analytics rule from wizard
• Manage analytics rules
• Exercise - Detect threats with Microsoft Sentinel analytics
• Summary

Module 5: Automation in Microsoft Sentinel

By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automated incident management.

• Introduction
• Understand automation options
• Create automation rules
• Knowledge check
• Summary and resources

Module 6: Configure SIEM security operations using Microsoft Sentinel

In this module, you learned how to configure SIEM security operations using Microsoft Sentinel.

• Introduction
• Exercise - Configure SIEM operations using Microsoft Sentinel
• Exercise - Install Microsoft Sentinel Content Hub solutions and data connectors
• Exercise - Configure a data connector Data Collection Rule
• Exercise - Perform a simulated attack to validate the Analytic and Automation rules
• Summary

• Fundamental understanding of Microsoft Azure
• Basic understanding of Microsoft Sentinel
• Experience using Kusto Query Language (KQL) in Microsoft Sentinel