Microsoft Sentinel
Learning
Learning Paths
Configure Security Information and Event Management (SIEM) operations using Microsoft Sentinel
Levels: Intermediate
Roles: Security Operations Analyst
Modules
Learn how to analyze data in Azure Monitor using Kusto Query Language (KQL).
Levels: Beginner, Intermediate, Advanced
Roles: Business Analyst, Data Analyst, Data Engineer, Data Scientist, Developer, DevOps Engineer, Security Operations Analyst, Technology Manager
Modules
- Explore the fundamentals of data analysis using Kusto Query Language (KQL)
- Write your first query with Kusto Query Language
- Gain insights from your data by using Kusto Query Language
- Write multi-table queries by using Kusto Query Language
- Analyze your Azure infrastructure by using Azure Monitor logs
- Guided project - Analyze logs in Azure Monitor with KQL
Learn how to analyze data using the Kusto Query Language.
Levels: Beginner, Intermediate, Advanced
Roles: Business Analyst, Data Analyst, Data Scientist, Developer, Security Operations Analyst, Data Engineer, Technology Manager
Modules
Learn to design conceptual architecture for data classifications using data residency for Microsoft 365 and Dynamics 365 services while utilizing Azure regions and Customer Lockbox. Manage breach notifications in Service Trust Portal and Microsoft Defender for Cloud, and encrypt data throughout its lifecycle.
Levels: Intermediate
Roles: Business User
Modules
SC-200: Perform threat hunting in Microsoft Sentinel
Levels: Intermediate
Roles: Security Operations Analyst
Modules
SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Levels: Intermediate
Roles: Security Operations Analyst
Modules
This learning path describes basic architecture, core capabilities, and primary use cases of its products. You'll also learn about differences and get familiar with Microsoft Sentinel, a cloud-native security information and event management (SIEM) service.
Levels: Beginner
Roles: Administrator, DevOps Engineer, Security Engineer, Solution Architect
Modules
- Introduction to Microsoft Sentinel
- Deploy Microsoft Sentinel and connect data sources
- Threat detection with Microsoft Sentinel analytics
- Security incident management in Microsoft Sentinel
- Threat hunting with Microsoft Sentinel
- Threat response with Microsoft Sentinel playbooks
- Query, visualize, and monitor data in Microsoft Sentinel
SC-200: Configure your Microsoft Sentinel environment
Levels: Intermediate
Roles: Security Operations Analyst
Modules
Develop an effective instrumentation strategy through logging, telemetry, and monitoring and prepare for Exam AZ-400: Designing and Implementing Microsoft DevOps Solutions.
Levels: Beginner
Roles: DevOps Engineer, Administrator, Developer, Solution Architect
Modules
- Capture Web Application Logs with App Service Diagnostics Logging
- Control and organize Azure resources with Azure Resource Manager
- Microsoft Azure Well-Architected Framework - Performance efficiency
- Microsoft Azure Well-Architected Framework - Operational excellence
- Analyze your Azure infrastructure by using Azure Monitor logs
- Capture and view page load times in your Azure web app with Application Insights
- Instrument server-side web application code with Application Insights
- React to state changes in your Azure services by using Event Grid
- Design a holistic monitoring strategy on Azure
SC-200: Connect logs to Microsoft Sentinel
Levels: Intermediate
Roles: Security Operations Analyst
Modules
- Connect data to Microsoft Sentinel using data connectors
- Connect Microsoft services to Microsoft Sentinel
- Connect Microsoft 365 Defender to Microsoft Sentinel
- Connect Windows hosts to Microsoft Sentinel
- Connect Common Event Format logs to Microsoft Sentinel
- Connect syslog data sources to Microsoft Sentinel
- Connect threat indicators to Microsoft Sentinel
SC-200: Create detections and perform investigations using Microsoft Sentinel
Levels: Intermediate
Roles: Security Operations Analyst
Modules
- Threat detection with Microsoft Sentinel analytics
- Automation in Microsoft Sentinel
- Threat response with Microsoft Sentinel playbooks
- Security incident management in Microsoft Sentinel
- Identify threats with Behavioral Analytics
- Data normalization in Microsoft Sentinel
- Query, visualize, and monitor data in Microsoft Sentinel
- Manage content in Microsoft Sentinel