Configure SIEM security operations using Microsoft Sentinel
- Code training M-SC5001
- Duur 1 dag
Andere trainingsmethoden
Methode
Deze training is in de volgende formats beschikbaar:
-
Klassikale training
Klassikaal leren
-
Op locatie klant
Op locatie klant
-
Virtueel leren
Virtueel leren
Vraag deze training aan in een andere lesvorm.
Trainingsbeschrijving
Naar bovenData
Naar boven-
- Methode: Virtueel leren
- Datum: 09 februari, 2026 | 10:00 to 18:00
- Locatie: Virtueel-en-klassikaal (W. Europe )
- Taal: Engels
-
- Methode: Klassikale training
- Datum: 16 maart, 2026 | 09:00 to 17:00
- Locatie: Nieuwegein (Iepenhoeve 5) (W. Europe )
- Taal: Nederlands
-
- Methode: Virtueel leren
- Datum: 16 maart, 2026 | 09:00 to 17:00
- Locatie: Virtueel-en-klassikaal (W. Europe )
- Taal: Nederlands
-
- Methode: Virtueel leren
- Datum: 27 april, 2026 | 09:00 to 17:00
- Locatie: Virtueel-en-klassikaal (W. Europe )
- Taal: Engels
-
- Methode: Virtueel leren
- Datum: 08 juni, 2026 | 10:00 to 18:00
- Locatie: Virtueel-en-klassikaal (W. Europe )
- Taal: Engels
-
- Methode: Klassikale training
- Datum: 06 juli, 2026 | 09:00 to 17:00
- Locatie: Amsterdam ARISTO (Teleportboulevard 100) (W. Europe )
- Taal: Nederlands
Inhoud training
Naar bovenModule 1 : Create and manage Microsoft Sentinel workspaces
Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
- Introduction
- Plan for the Microsoft Sentinel workspace
- Create a Microsoft Sentinel workspace
- Manage workspaces across tenants using Azure Lighthouse
- Understand Microsoft Sentinel permissions and roles
- Manage Microsoft Sentinel settings
- Configure logs
- Knowledge check
- Summary and resources
Module 2: Connect Microsoft services to Microsoft Sentinel
- Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.
- Introduction
- Plan for Microsoft services connectors
- Connect the Microsoft Office 365 connector
- Connect the Microsoft Entra connector
- Connect the Microsoft Entra ID Protection connector
- Connect the Azure Activity connector
- Knowledge check
- Summary and resources
Module 3: Connect Windows hosts to Microsoft Sentinel
One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.
- Introduction
- Plan for Windows hosts security events connector
- Connect using the Windows Security Events via AMA Connector
- Connect using the Security Events via Legacy Agent Connector
- Collect Sysmon event logs
- Knowledge check
- Summary and resources
Module 4: Threat detection with Microsoft Sentinel analytics
In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.
- Introduction
- Exercise - Detect threats with Microsoft Sentinel analytics
- What is Microsoft Sentinel Analytics?
- Types of analytics rules
- Create an analytics rule from templates
- Create an analytics rule from wizard
- Manage analytics rules
- Exercise - Detect threats with Microsoft Sentinel analytics
- Summary
Module 5: Automation in Microsoft Sentinel
By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automated incident management.
- Introduction
- Understand automation options
- Create automation rules
- Knowledge check
- Summary and resources
Module 6: Configure SIEM security operations using Microsoft Sentinel
In this module, you learned how to configure SIEM security operations using Microsoft Sentinel.
- Introduction
- Exercise - Configure SIEM operations using Microsoft Sentinel
- Exercise - Install Microsoft Sentinel Content Hub solutions and data connectors
- Exercise - Configure a data connector Data Collection Rule
- Exercise - Perform a simulated attack to validate the Analytic and Automation rules
- Summary
Voorkennis
Naar boven- Fundamental understanding of Microsoft Azure
- Basic understanding of Microsoft Sentinel
- Experience using Kusto Query Language (KQL) in Microsoft Sentinel