This SOC Analyst training course allows you to:
- Understand how a Security Operations Center (SOC) team operates
- Understand the architecture of Blue Team operations
- Gain in-depth knowledge of digital forensics, threat intelligence, and incident response
- Understand the technical strategies, tools, and procedures used to safeguard your organization's data
- Understand essential SOC tools such as Splunk and Security Onion
- Understand how to recognize threats and implement countermeasures
Agenda
Module 1: Mitigate threats using Microsoft Defender for Endpoint
- Protect against threats with Microsoft Defender for Endpoint
- Deploy the Microsoft Defender for Endpoint environment
- Implement Windows 10 security enhancements with Microsoft Defender for Endpoint
- Manage alerts and incidents in Microsoft Defender for Endpoint
- Perform device investigations in Microsoft Defender for Endpoint
- Perform actions on a device using Microsoft Defender for Endpoint
- Perform evidence and entities investigations using Microsoft Defender for Endpoint
- Configure and manage automation using Microsoft Defender for Endpoint
- Configure for alerts and detections in Microsoft Defender for Endpoint
- Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint
Module 2: Mitigate threats using Microsoft 365 Defender
- Introduction to threat protection with Microsoft 365
- Mitigate incidents using Microsoft 365 Defender
- Protect your identities with Azure AD Identity Protection
- Remediate risks with Microsoft Defender for Office 365
- Safeguard your environment with Microsoft Defender for Identity
- Secure your cloud apps and services with Microsoft Cloud App Security
- Respond to data loss prevention alerts using Microsoft 365
- Manage insider risk in Microsoft 365
Module 3: Mitigate threats using Azure Defender
- Plan for cloud workload protections using Azure Defender
- Explain cloud workload protections in Azure Defender
- Connect Azure assets to Azure Defender
- Connect non-Azure resources to Azure Defender
- Remediate security alerts using Azure Defender
Module 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
- Construct KQL statements for Azure Sentinel
- Analyse query results using KQL
- Build multi-table statements using KQL
- Work with data in Azure Sentinel using Kusto Query Language
Module 5: Configure your Azure Sentinel environment
- Introduction to Azure Sentinel
- Create and manage Azure Sentinel workspaces
- Query logs in Azure Sentinel
- Use watchlists in Azure Sentinel
- Utilize threat intelligence in Azure Sentinel
Module 6: Connect logs to Azure Sentinel
- Connect data to Azure Sentinel using data connectors
- Connect Microsoft services to Azure Sentinel
- Connect Microsoft 365 Defender to Azure Sentinel
- Connect Windows hosts to Azure Sentinel
- Connect Common Event Format logs to Azure Sentinel
- Connect syslog data sources to Azure Sentinel
- Connect threat indicators to Azure Sentinel
Module 7: Create detections and perform investigations using Azure Sentinel
- Threat detection with Azure Sentinel analytics
- Threat response with Azure Sentinel playbooks
- Security incident management in Azure Sentinel
- Use entity behaviour analytics in Azure Sentinel
- Query, visualize, and monitor data in Azure Sentinel
Module 8: Perform threat hunting in Azure Sentinel
- Threat hunting with Azure Sentinel
- Hunt for threats using notebooks in Azure Sentinel
The popularity of Microsoft certifications has been rising rapidly because they carry a number of benefits:
- The certification covers threat management, monitoring, and response using a range of security solutions in your environment.
- It provides in-depth knowledge and understanding of security operations.
- It improves your practical understanding of Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender.
- It encourages you to keep upgrading your skills.
- It validates your security knowledge with a recognized credential.
- It also demonstrates that you are genuinely committed to professional growth and lifelong learning.
The Microsoft Certified: Security Operations Analyst Associate course is designed for individuals seeking to excel in security operations roles within an organization. The course is ideal for:
- Security Engineers
- Security Operations Analysts
Professionals in these roles will benefit from gaining in-depth knowledge of security operations and enhancing their ability to rapidly respond to cyber threats, advise on threat protection practices, and ensure the security of IT systems. This course is suitable for both aspiring security operations analysts and existing professionals looking to upgrade their skills and obtain a valuable Microsoft certification.
Prerequisites for the course:
- Basic understanding of Microsoft 365
- Fundamental understanding of Microsoft security, compliance, and identity products
- Intermediate understanding of Windows 10
- Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
- Familiarity with Azure virtual machines and virtual networking
- Basic understanding of scripting concepts
SC-200 is well suited to professionals at the start of their security career. It helps you understand security, compliance, and identity (SCI) for cloud-based services and related platforms. The course is designed for people with some IT experience, especially in Microsoft 365, and it provides an understanding of the available Microsoft solutions that can be used to perform your job duties in network security, infrastructure security, identity security, and data protection.
- Exam code: SC-200
- Language: English
- Domains:
  - Mitigate threats using Microsoft 365 Defender (25-30%)
  - Mitigate threats using Microsoft Defender for Cloud (20-25%)
  - Mitigate threats using Microsoft Sentinel (50-55%)