What you need to know before starting

Start: 4 June 2026 11:05

End: 4 June 2026

Microsoft Sentinel course with hands-on simulations for beginners.

Learn to expertly administer Microsoft Sentinel (including SOAR and SIEM) with hands-on experience!
via Udemy

4160 Courses


6 hours 40 minutes

Optional upgrade available

Not Specified

Self-paced

Paid Course


Overview

Learn how to expertly administer Microsoft Sentinel (including SOAR and SIEM) with hands-on experience! What you'll learn:

  • Learn the concepts and perform the hands-on activities needed to master Microsoft Sentinel (SOAR and SIEM)
  • Gain a tremendous amount of knowledge involving Microsoft Sentinel (SOAR and SIEM)
  • Learn, using hands-on simulations, how to manage Microsoft Sentinel (SOAR and SIEM)
  • Learn how to set up your own test lab for practicing the concepts!

We really hope you'll agree that this training is way more than the average course on Udemy! You'll have access to the following:

  • Training from an instructor with over 20 years of experience who has trained thousands of people and is also a Microsoft Certified Trainer
  • Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material
  • Instructor-led hands-on activities and simulations to practice that can be followed even if you have little to no experience

TOPICS COVERED, INCLUDING HANDS-ON LECTURE AND PRACTICE TUTORIALS:

  • Introduction
    Welcome to the course
  • Understanding the Microsoft Environment
    Foundations of Active Directory Domains
    Foundations of RAS, DMZ, and Virtualization
    Foundations of the Microsoft Cloud Services
    DON'T SKIP: The first thing to know about Microsoft cloud services
    DON'T SKIP: Azure AD is now renamed to Entra ID
    Questions for John Christopher
  • Performing hands-on activities
    DON'T SKIP: Using Assignments in the course
    Creating a free Microsoft 365 Account
    Getting your free Azure credit
  • Understanding and setting up a Microsoft Sentinel Workspace
    Overview of Microsoft Sentinel
    Configuring a Microsoft Sentinel workspace
    Managing roles regarding Sentinel
    Managing log types, log retention, and data storage in Sentinel
  • Working with data connectors and ingestion in Microsoft Sentinel
    Microsoft Sentinel data source identification
    Setting up connectors for ingesting data into Microsoft Sentinel
    Connecting Sentinel with Microsoft 365 Defender and Defender for Cloud
    Common Event Format (CEF) and Syslog event collection
    Windows Security Event Collection setup in Microsoft Sentinel
    Managing threat intelligence connectors in Microsoft Sentinel
    Working with custom log tables
  • Using analytics rules in Microsoft Sentinel
    Understanding analytics rules in Microsoft Sentinel
    Fusion rule configuration
    Security analytics rules
    Working with scheduled query rules in Microsoft Sentinel
    Custom scheduled query rules
    Working with near-real-time (NRT) analytics rules
    Content hub analytics rules
    Watchlists in Microsoft Sentinel
    Threat indicators in Microsoft Sentinel
  • Classification, normalization & security orchestration, automation and response (SOAR)
    Working with entities for classifying and analyzing data
    Advanced Security Information Model (ASIM) queries with Microsoft Sentinel
    ASIM parser management
    Using automation rules
    Using playbooks in Microsoft Sentinel
    Automation rule triggering using analytics rules
    Alert and incident playbook triggering
  • Dealing with Incidents and Workbooks for analysis and interpretation of data
    Incident generation in Microsoft Sentinel
    Understanding the concepts of triaging incidents in Sentinel
    Microsoft Sentinel incident investigation
    How to respond to Microsoft Sentinel incidents
    Multi-workspace incident investigation
    Workbook template customization and management
    Implementing custom workbooks in Microsoft Sentinel
    Working with advanced visualizations
  • Threat hunting and entity behavior analytics in Microsoft Sentinel
    MITRE ATT&CK attack vectors in Microsoft Sentinel
    Using hunting queries from the content gallery
    Hunting query customization
    Data investigations with hunting bookmarks
    Using Livestream to monitor hunting queries
    How archived log data can be retrieved in Microsoft Sentinel
    Search job management in Microsoft Sentinel
    Entity Behavior Analytics settings
    Entity page investigation of threats
    Anomaly detection analytics rules in Microsoft Sentinel
  • Conclusion
    Cleaning up your lab environment
    Getting a Udemy certificate
    BONUS: Where do I go from here?

Syllabus

  • Introduction to Microsoft Sentinel
    Overview of cloud security and SIEM
    Understanding the Microsoft Sentinel architecture
    Introduction to key features and capabilities
  • Setting up Microsoft Sentinel
    Getting started with the Azure portal
    Provisioning Microsoft Sentinel
    Connecting data sources
  • Data collection and management
    Configuring data connectors
    Normalizing and analyzing ingested data
    Understanding Log Analytics
  • Writing and managing log queries
    Introduction to the Kusto Query Language (KQL)
    Writing basic queries
    Advanced query techniques
  • Incident creation and management
    Understanding the incident lifecycle
    Configuring alert rules
    Using automation to improve incident response
  • Threat detection and response
    Deploying analytics rules
    Leveraging machine learning for security operations
    Creating hunting queries
  • Hands-on simulations
    Real-world case study simulation
    Interactive labs: threat detection simulation
    Incident management simulation
  • Integrating Microsoft Sentinel with other tools
    Connecting to Azure Security Center
    Integrating third-party security solutions
    Leveraging APIs for advanced integration
  • Monitoring and optimizing Sentinel
    Building monitoring dashboards
    Performance analysis and optimization
    Understanding cost management
  • Course wrap-up
    Best practices in security operations
    Final project: deploy Microsoft Sentinel in a simulated environment
    Resources and next steps for continued learning

Taught by

John Christopher


Subjects

Information Security (InfoSec)