SC-200: Connect logs to Microsoft Sentinel

via Microsoft Learn

Overview

Title: SC-200: Connect Logs to Microsoft Sentinel

Description: This course covers the data-connection modules of the SC-200 (Microsoft Security Operations Analyst) learning path for Microsoft Sentinel: how log and threat-intelligence sources are brought into the workspace so that analytics rules and investigations have data to work with. In this course you will:

  • Understand and apply data connectors, including the Microsoft Sentinel data connector providers and the difference between the Common Event Format (CEF) and Syslog connectors.
  • Connect Microsoft security services to Microsoft Sentinel and configure those connections to create incidents automatically from the alerts the services generate.
  • Activate and manage the key Microsoft 365 Defender connectors within Microsoft Sentinel, including those for Microsoft Defender for Endpoint and Office 365.
  • Connect Azure and non-Azure Windows hosts to Microsoft Sentinel and configure the Log Analytics Agent to collect Sysmon events (the course uses the legacy Log Analytics Agent, which Microsoft has since retired in favor of the Azure Monitor Agent).
  • Review the deployment options for Common Event Format logs and run the installation script that configures a Linux log forwarder to send CEF events to Microsoft Sentinel.
  • Manage Syslog data sources end to end: deploy the collector, integrate it with the Log Analytics Agent, and parse the free-text messages with KQL.
  • Connect threat indicator feeds using the TAXII and Threat Intelligence Platforms connectors, and review the imported indicators in the workspace.
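The KQL parsing of Syslog data that the description mentions, shown as an added example that is not part of the Microsoft Learn course material. The query runs against a constructed `datatable` (labelled in the comments) that reuses the column names of the Microsoft Sentinel `Syslog` table, extracts the target account and source address from OpenSSH "Failed password" messages, and counts attempts per host and source. The `MinAttempts` threshold and the sample rows are assumptions; the `Syslog` column names are the real ones.

```kql
// Added example, not course code. SampleSyslog is a constructed stand-in for
// the Microsoft Sentinel Syslog table with the same column names. In a real
// workspace delete this let-statement and query the Syslog table directly.
let SampleSyslog = datatable(TimeGenerated: datetime, Computer: string, Facility: string,
                             SeverityLevel: string, ProcessName: string, SyslogMessage: string)
[
    datetime(2024-05-01 10:00:01), "web01", "authpriv", "info", "sshd",
        "Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2",
    datetime(2024-05-01 10:00:03), "web01", "authpriv", "info", "sshd",
        "Failed password for root from 203.0.113.7 port 51240 ssh2",
    datetime(2024-05-01 10:00:04), "web01", "authpriv", "info", "sshd",
        "Accepted publickey for deploy from 198.51.100.4 port 40010 ssh2",
    datetime(2024-05-01 10:00:09), "web01", "authpriv", "info", "sshd",
        "Failed password for invalid user test from 203.0.113.7 port 51250 ssh2",
    datetime(2024-05-01 10:01:00), "db02", "authpriv", "info", "sshd",
        "Failed password for postgres from 192.0.2.55 port 33001 ssh2",
    datetime(2024-05-01 10:01:30), "db02", "cron", "info", "CRON",
        "pam_unix(cron:session): session opened for user root by (uid=0)"
];
// Assumed threshold; tune to the environment.
let MinAttempts = 3;
// Syslog payloads are unstructured, so the extraction is anchored on the exact
// OpenSSH phrasing: an optional "invalid user " marker, the account, then
// " from <ip> port ". Rows that do not match are dropped rather than guessed.
SampleSyslog
| where Facility in ("auth", "authpriv") and ProcessName == "sshd"
| where SyslogMessage startswith "Failed password for"
| extend InvalidUser = SyslogMessage has "invalid user"
| extend TargetUser = extract(@"Failed password for (?:invalid user )?(\S+) from ", 1, SyslogMessage)
| extend SourceIP = extract(@" from (\d{1,3}(?:\.\d{1,3}){3}) port ", 1, SyslogMessage)
| where isnotempty(SourceIP) and isnotempty(TargetUser)
| summarize Attempts = count(),
            InvalidUserAttempts = countif(InvalidUser),
            Accounts = make_set(TargetUser, 20),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by Computer, SourceIP
| where Attempts >= MinAttempts
| order by Attempts desc
```

On the sample data this returns one row (web01 from 203.0.113.7, three attempts, two of them against non-existent accounts) and suppresses the single attempt against db02. Two practical caveats: the `Syslog` table is only populated for the facilities the connector is configured to collect, so `auth`/`authpriv` must be enabled on the collector, and the message wording varies across sshd versions and distributions, so the regexes should be checked against messages from your own hosts before the query is turned into an analytics rule.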

Provider: Microsoft Learn

Categories: Threat Intelligence Courses, SC-200: Microsoft Security Operations Analyst Courses, Microsoft Sentinel Courses.

Pricing: Free Online Course
Language: English
Duration: 2 hours 54 minutes
Sessions: On-Demand
Level: Intermediate