Cours Microsoft Sentinel avec simulations pratiques pour débutants

Aperçu

Learn how to expertly administer Microsoft Sentinel (including SOAR and SIEM) with hands on experience! What you'll learn:

Learn the concepts and perform hands on activities needed to master Microsoft Sentinel (SOAR and SIEM)Gain a tremendous amount of knowledge involving Microsoft Sentinel (SOAR and SIEM)Learn using hands on simulations on how to manage Microsoft Sentinel (SOAR and SIEM)Learn how to set up your own test lab for practicing the concepts!

We really hope you'll agree, this training is way more than the average course on Udemy! Have access to the following:

Training from an instructor of over 20 years who has trained thousands of people and also a Microsoft Certified TrainerLecture that explains the concepts in an easy to learn method for someone that is just starting out with this materialInstructor led hands on and simulations to practice that can be followed even if you have little to no experienceTOPICS COVEREDINCLUDINGHANDSONLECTUREANDPRACTICETUTORIALS:

IntroductionWelcome to the courseUnderstanding the Microsoft EnvironmentFoundations of Active Directory DomainsFoundations of RAS, DMZ, and VirtualizationFoundations of the Microsoft Cloud ServicesDONT SKIP:

The first thing to know about Microsoft cloud servicesDONT SKIP:

Azure AD is now renamed to Entra IDQuestions for John ChristopherPerforming hands on activitiesDONT SKIP:

Using Assignments in the courseCreating a free Microsoft 365 AccountGetting your free Azure creditUnderstanding and setting up a Microsoft Sentinel WorkspaceOverview of Microsoft SentinelConfiguring a Microsoft Sentinel workspaceManaging roles regarding SentinelManaging log types, log retention, and data storage in SentinelWorking with data connectors and ingestion in Microsoft SentinelMicrosoft Sentinel data source identificationSetting up connectors for ingesting data into Microsoft SentinelConnecting Sentinel with Microsoft 365 Defender and Defender for CloudCommon Event Format (CEF) and Syslog event collectionsWindows Security Event Collection setup in Microsoft SentinelManaging threat intelligence connectors in Microsoft SentinelWorking with custom log tablesUsing analytics rules in Microsoft SentinelUnderstanding analytics rules in Microsoft SentinelFusion rule configurationSecurity analytics rulesWorking with scheduled query rules in Microsoft SentinelCustom scheduled query rulesWorking with near-real-time (NRT) analytics rulesContent hub analytics rulesWatchlists in Microsoft SentinelThreat indicators in Microsoft SentinelClassification, normalization & security orchestration automated response (SOAR)Working with using entities for classifying and analyzing dataAdvanced Security Information Model(ASIM) queries with Microsoft SentinelASIM parser managementUsing automation rulesUsing playbooks in Microsoft SentinelAutomation rule triggering using analytic rulesAlert and incident playbook triggeringDealing with Incidents and Workbooks for analyzes and interpretation of dataIncident generation in Microsoft SentinelUnderstanding the concepts of triaging incidents in SentinelMicrosoft Sentinel incident investigationHow to respond to Microsoft Sentinel incidentsMulti-workspace incident investigationWorkbook template customization and managementImplementing custom workbooks in Microsoft SentinelWorking with advanced visualizationsThreat hunting and entity behavior analytics in Microsoft SentinelMITRE ATT&CK attack vectors in Microsoft SentinelUsing hunting queries from the content galleryHunting query customizationData investigations with hunting bookmarksUsing Livestream to monitor hunting queriesHow archived log data can be retrieved in Microsoft SentinelSearch job management in Microsoft SentinelEntity Behavior Analytics settingsEntity page investigation of threatsAnomaly detection analytics rules in Microsoft SentinelConclusionCleaning up your lab environmentGetting a Udemy certificateBONUS Where do I go from here?

Programme

• Introduction à Microsoft Sentinel
Aperçu de la sécurité cloud et du SIEM
Comprendre l'architecture de Microsoft Sentinel
Introduction aux principales fonctionnalités et capacités
• Mise en place de Microsoft Sentinel
Commencer avec le portail Azure
Approvisionnement de Microsoft Sentinel
Connexion des sources de données
• Collecte et gestion des données
Configuration des connecteurs de données
Normalisation et analyse des données ingérées
Comprendre Log Analytics
• Écriture et gestion des requêtes de journaux
Introduction au langage de requête Kusto (KQL)
Rédiger des requêtes de base
Techniques de requête avancées
• Création et gestion des incidents
Comprendre le cycle de vie des incidents
Configuration des règles d'alerte
Utilisation de l'automatisation pour améliorer la réponse aux incidents
• Détection et réponse aux menaces
Déploiement des règles d'analyse
Exploitation de l'apprentissage automatique pour les opérations de sécurité
Création de requêtes de chasse
• Simulations pratiques
Étude de cas réelle simulée
Laboratoires interactifs : simulation de détection de menaces
Simulation de gestion des incidents
• Intégration de Microsoft Sentinel avec d'autres outils
Connexion avec Azure Security Center
Intégration de solutions de sécurité tierces
Exploitation des API pour une intégration avancée
• Surveillance et optimisation de Sentinel
Développement de tableaux de bord de surveillance
Analyse et optimisation des performances
Comprendre la gestion des coûts
• Clôture du cours
Meilleures pratiques en opérations de sécurité
Projet final : Mise en œuvre de Microsoft Sentinel dans un environnement fictif
Ressources et étapes suivantes pour un apprentissage continu

---

Enseigné par

John Christopher

---

Matières

Information Security (InfoSec)