SC-200: Connect logs to Microsoft Sentinel

סקירה כללית

Title:

SC-200:

Connect Logs to Microsoft Sentinel

Description:

This comprehensive course on Microsoft Sentinel covers essential modules designed to enhance your skills in integrating security operations. By enrolling in this course, you will:

• Understand and apply data connectors, emphasizing Microsoft Sentinel data connector providers and distinguishing between the Common Event Format and Syslog connectors.
• Learn to integrate various Microsoft services with Microsoft Sentinel and how these connections can automatically create incidents.
• Activate and manage key Microsoft 365 Defender connectors including those for Endpoint and Office 365 within Microsoft Sentinel.
• Connect Azure and non-Azure Windows hosts to Microsoft Sentinel, configuring the Log Analytics Agent to monitor Sysmon events effectively.
• Dive into the deployment options of the Common Event Format logs, running scripts to integrate with Microsoft Sentinel seamlessly.
• Develop proficiency in managing Syslog data sources through comprehensive deployment, parsing using KQL, and integration with Log Analytics Agent.
• Configure connections for threat indicators utilizing the TAXII and Threat Intelligence Platform connectors and reviewing threat data.

University:

Provider:

Microsoft Learn

Categories:

Threat Intelligence Courses, SC-200:

Microsoft Security Operations Analyst Courses, Microsoft Sentinel Courses.

נושאים