Mastering Microsoft Sentinel End-to-End Security Operations

01

Course Overview

Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) solution that leverages built-in AI to help organizations rapidly analyze vast volumes of data. It collects information from a wide range of sources, including users, applications, servers, and devices across both on-premises and cloud environments. With built-in connectors for popular security tools and support for open standards like CEF and Syslog, Sentinel makes it easy to ingest data from virtually any source and quickly analyze millions of records.

This Microsoft Sentinel training course provides a foundational understanding of Microsoft Sentinel, its core components, and key functionalities. You’ll work with Azure Log Analytics, the workspace and query engine that Sentinel is built on, and gain insight into the differences between traditional SIEM solutions and modern, cloud-native SIEM architectures.

Why Choose this Course?
Microsoft Azure is the world’s second-largest cloud computing platform, and it continues to grow at a rapid pace. Launched commercially in 2010, Azure holds a sizable market share. It has helped enterprises scale their presence, performance, and profitability by providing subscription-based infrastructure, platforms, and services, and it offers a secure, highly available, scalable, and resilient platform for developing and delivering commercial applications. Azure’s service offerings are updated and improved regularly. Microsoft Sentinel is a critical Azure service: anyone running security operations on Azure needs a working knowledge of it.

02

Key Learning Areas

  • Explain what a SIEM does and how a cloud-native SIEM such as Microsoft Sentinel differs from a traditional one
  • Navigate the Microsoft Sentinel portal and understand its pricing model
  • Write foundational KQL: the most common operators, multi-table queries, and string handling
  • Set up a Log Analytics Workspace and onboard telemetry with Sentinel data connectors
  • Build Sentinel Workbooks to visualise collected data
  • Manage and investigate incidents and get started with threat hunting
  • Automate response with Logic Apps playbooks (SOAR)
  • Use Watchlists, User and Entity Behavior Analytics (UEBA), and Notebooks
  • Apply Azure Policy and Microsoft Defender for Cloud to improve security posture

03

Course Outline

Let’s Get Started with Microsoft Sentinel!

  • Understanding SIEM
  • Why It Matters
  • Microsoft Sentinel Walkthrough
  • Sentinel Pricing Overview


Foundational KQL for Microsoft Sentinel and Cybersecurity

  • Most commonly used KQL operators
  • How to analyze query results
  • Building multi-table queries using KQL
  • Working with string data in KQL
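The module above lists the KQL building blocks a Sentinel analyst uses every day. As an added illustration (this is not course material or Microsoft sample code), the query below uses the column names of the real SigninLogs table but runs against a small constructed datatable, so it can be pasted into any Log Analytics workspace; the user names, IP addresses and timestamps are invented, and the failure threshold is set artificially low so the sample triggers. It exercises the core operators (where, summarize, join, extend, project, order by), a multi-table join against a let-bound table, and string handling with split and tostring. The logic flags an IP address that failed many sign-ins (result code 50126, the Entra ID code for an invalid password) and then succeeded, the basic shape of a password-spray detection:

```kql
// Constructed sample in the shape of the SigninLogs table (ResultType "0" = success).
let SigninSample = datatable(TimeGenerated:datetime, UserPrincipalName:string, IPAddress:string, ResultType:string, AppDisplayName:string)
[
    datetime(2024-05-01T09:00:00Z), "alice@contoso.com", "198.51.100.7", "50126", "Office 365 Exchange Online",
    datetime(2024-05-01T09:00:05Z), "bob@contoso.com",   "198.51.100.7", "50126", "Office 365 Exchange Online",
    datetime(2024-05-01T09:00:10Z), "carol@contoso.com", "198.51.100.7", "50126", "Office 365 Exchange Online",
    datetime(2024-05-01T09:00:15Z), "dave@contoso.com",  "198.51.100.7", "50126", "Office 365 Exchange Online",
    datetime(2024-05-01T09:02:00Z), "dave@contoso.com",  "198.51.100.7", "0",     "Office 365 Exchange Online",
    datetime(2024-05-01T09:05:00Z), "erin@contoso.com",  "203.0.113.9",  "50126", "Azure Portal",
    datetime(2024-05-01T09:06:00Z), "erin@contoso.com",  "203.0.113.9",  "0",     "Azure Portal"
];
// Assumed threshold, kept low so the sample fires; a production rule uses a higher value and a longer window.
let failureThreshold = 3;
// Step 1: aggregate failed sign-ins per source IP (summarize + make_set build the list of targeted accounts).
let failures =
    SigninSample
    | where ResultType != "0"
    | summarize FailedCount = count(),
                FirstFailure = min(TimeGenerated),
                TargetedUsers = make_set(UserPrincipalName, 50)
              by IPAddress
    | where FailedCount >= failureThreshold;
// Step 2: join successful sign-ins to the noisy IPs (multi-table query) and keep only successes after the failures began.
SigninSample
| where ResultType == "0"
| join kind=inner failures on IPAddress
| where TimeGenerated > FirstFailure
// String handling: split the UPN on "@" and take the domain part.
| extend UserDomain = tostring(split(UserPrincipalName, "@")[1])
| project TimeGenerated, IPAddress, UserPrincipalName, UserDomain, AppDisplayName, FailedCount, TargetedUsers
| order by FailedCount desc
```

With the sample data the query returns a single row: dave@contoso.com succeeding from 198.51.100.7 after four failures against four accounts; erin's single failure from 203.0.113.9 stays below the threshold. To run it against live data, replace SigninSample with SigninLogs and add a time filter such as `| where TimeGenerated > ago(1h)` to each branch, which is also what a scheduled analytics rule would need.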


Get Started with Sentinel – Data Collection

  • What is a Log Analytics Workspace (LAW)?
  • How are logs collected?
  • Enabling your first data connector
  • What is a Sentinel Workbook?


Working with Sentinel – Detection

  • What is Log Analytics Workspace (LAW)?
  • How are logs collected in Sentinel?
  • Using data connectors to bring in telemetry
  • Introduction to Sentinel Workbooks


Managing & Investigating with Sentinel

  • What are incidents in Sentinel?
  • The incident management lifecycle
  • Managing and investigating incidents
  • Introduction to threat hunting in Sentinel


Responding with Sentinel – Automation & SOAR

  • The need for automation in security operations
  • Overview of SOAR (Security Orchestration, Automation, and Response)
  • Introduction to Logic Apps
  • What are Playbooks and how to use them?
  • Implementing automation in Sentinel


Exploring Additional Features in Sentinel

  • Introduction to Watchlists
  • Overview of User and Entity Behavior Analytics (UEBA)
  • Using Notebooks in Sentinel


Handling Security Operations in Microsoft Azure

  • What are Azure Policies?
  • Configuring and applying Azure Policies
  • Introduction to Microsoft Defender for Cloud (formerly Azure Security Center)
  • Working with Defender for Cloud for enhanced security posture

04

Who Benefits

  • This course is designed for individuals who are beginning their career in Azure Security.
  • It is suitable for beginner to intermediate-level learners who want to understand what Microsoft Sentinel is and how it works.
  • It is also ideal for those looking to gain foundational knowledge of SIEM solutions.
  • The course includes hands-on labs using generic, real-world examples.
  • For demonstration purposes, all labs will utilize free-tier and trial-license products, which may limit some functionality to those available scenarios.

05

Prerequisites

  • Participants must have a basic grasp of Azure Cloud and services
  • Familiarity with security operations in an organization

Want this course for your team?

Atmosera can provide this course virtually or on-site. Please reach out to discuss your requirements.