SC-5001 Configure SIEM Security Operations using Microsoft Sentinel

Course Overview

Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses.

Key Learning Areas

Create and configure a Microsoft Sentinel workspace
Deploy a Microsoft Sentinel content hub solution
Connect Windows hosts to Microsoft Sentinel
Configure analytics rules in Microsoft Sentinel
Configure automation in Microsoft Sentinel

Course Outline

Create and Manage Microsoft Sentinel Workspaces

Plan for the Microsoft Sentinel workspace
Create a Microsoft Sentinel workspace
Manage workspaces across tenants using Azure Lighthouse
Understand Microsoft Sentinel permissions and roles
Manage Microsoft Sentinel settings
Configure logs

Connect Microsoft Services to Microsoft Sentinel

Plan for Microsoft services connectors
Connect the Microsoft 365 connector
Connect the Microsoft Entra connector
Connect the Microsoft Entra ID Protection connector
Connect the Azure Activity connector

Connect Windows Hosts to Microsoft Sentinel

Plan for Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs

Threat Detection with Microsoft Sentinel Analytics

Exercise – Detect threats with Microsoft Sentinel analytics
What is Microsoft Sentinel Analytics?
Types of analytics rules
Create an analytics rule from templates
Create an analytics rule from wizard
Manage analytics rules
Exercise – Detect threats with Microsoft Sentinel analytics

Automation in Microsoft Sentinel

Understand automation options
Create automation rules

Configure SIEM security operations using Microsoft Sentinel

Exercise – Configure SIEM operations using Microsoft Sentinel
Exercise – Install Microsoft Sentinel Content Hub solutions and data connectors
Exercise – Configure a data connector Data Collection Rule
Exercise – Perform a simulated attack to validate the Analytic and Automation rules
Exercise – Connect Microsoft Sentinel to Microsoft Defender XDR

Who Benefits

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advise on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft Defender XDR, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Prerequisites

Fundamental understanding of Microsoft Azure
Basic understanding of Microsoft Sentinel
Experience using Kusto Query Language (KQL) in Microsoft Sentinel

Want this course for your team?

Atmosera can provide this course virtually or on-site. Please reach out to discuss your requirements.