SC-200: Connect logs to Microsoft Sentinel

via Microsoft Learn

Microsoft Learn

184 Courses


Overview

Title: SC-200: Connect Logs to Microsoft Sentinel

Description: This comprehensive course on Microsoft Sentinel covers essential modules designed to enhance your skills in integrating security operations. By enrolling in this course, you will:

  • Understand and apply data connectors, emphasizing Microsoft Sentinel data connector providers and distinguishing between the Common Event Format and Syslog connectors.
  • Learn to integrate various Microsoft services with Microsoft Sentinel and how these connections can automatically create incidents.
  • Activate and manage key Microsoft 365 Defender connectors including those for Endpoint and Office 365 within Microsoft Sentinel.
  • Connect Azure and non-Azure Windows hosts to Microsoft Sentinel, configuring the Log Analytics Agent to monitor Sysmon events effectively.
  • Dive into the deployment options of the Common Event Format logs, running scripts to integrate with Microsoft Sentinel seamlessly.
  • Develop proficiency in managing Syslog data sources through comprehensive deployment, parsing using KQL, and integration with Log Analytics Agent.
  • Configure connections for threat indicators utilizing the TAXII and Threat Intelligence Platform connectors and reviewing threat data.

University:

Provider: Microsoft Learn

Categories: Threat Intelligence Courses, SC-200: Microsoft Security Operations Analyst Courses, Microsoft Sentinel Courses.

Syllabus


Taught by


Tags

united states

provider Microsoft Learn

Microsoft Learn

184 Courses


Microsoft Learn

pricing Free Online Course
language English
duration 2 hours 54 minutes
sessions On-Demand
level Intermediate