Configure SIEM security operations using Microsoft Sentinel
Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses.
Note
You need to have your own Azure subscription.
You need an Azure subscription to complete the exercises. If you don't have an Azure subscription, create a free account and add a subscription before you begin. If you're a student, you can take advantage of the Azure for students offer.
Prerequisites
- Fundamental understanding of Microsoft Azure
- Basic understanding of Microsoft Sentinel
- Experience using Kusto Query Language (KQL) in Microsoft Sentinel
Achievement Code
Would you like to request an achievement code?
Modules in this learning path
Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.
One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.
In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.
By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automated incident management.
In this module, you learned how to configure SIEM security operations using Microsoft Sentinel.