Course
Microsoft Security Operations Analyst – Intensive Training («SC200»)
Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender.
Vendor code
SC-200
Duration
4 days
Price
3'400.–
Course documents
Official Microsoft Courseware and Microsoft Learn
Alternative learning format available:
Microsoft Security Operations Analyst – Flexible Training («SC200V»)
Course facts
- Mitigating threats using Microsoft 365 Defender
- Mitigating threats using Azure Defender for Cloud
- Mitigating threats using Azure Sentinel
Course modules:
Introduction to Microsoft 365 threat protection
- In this module, you'll learn how to use the Microsoft 365 Defender integrated threat protection suite.
- Learn how the Microsoft 365 Defender portal provides a unified view of incidents from the Microsoft 365 Defender family of products.
- Use the advanced detection and remediation of identity-based threats to protect your Azure Active Directory identities and applications from compromise.
- Learn about the Microsoft Defender for Office 365 component of Microsoft 365 Defender.
- Learn about the Microsoft Defender for Identity component of Microsoft 365 Defender.
- Microsoft Defender for Cloud Apps is a cloud access security broker (CASB) that operates on multiple clouds. It provides rich visibility, control over data travel, and sophisticated analytics to identify and combat cyberthreats across all your cloud services. Learn how to use Defender for Cloud Apps in your organization.
- As a Security Operations Analyst, you need to understand compliance related terminology and alerts. Learn how the data loss prevention alerts will help in your investigation to find the full scope of the incident.
- Microsoft Purview Insider Risk Management helps organizations address internal risks, such as IP theft, fraud, and sabotage. Learn about insider risk management and how Microsoft technologies can help you detect, investigate, and take action on risky activities in your organization.
- This module examines how to search for audited activities using the Microsoft Purview Audit (UAL) solution, including how to export, configure, and view the audit log records that were retrieved from an audit log search.
- This module explores the differences between Microsoft Purview Audit (Standard) and Audit (Premium), plus the key functionality in Audit (Premium), including setup requirements, enabling audit logging, creating audit log retention policies, and performing forensics investigations.
- This module examines how to search for content in the Microsoft Purview compliance portal using Content Search functionality, including how to view and export the search results, and configure search permissions filtering.
- Learn how Microsoft Defender for Endpoint can help your organization stay secure.
- Learn how to deploy the Microsoft Defender for Endpoint environment, including onboarding devices and configuring security.
- Microsoft Defender for Endpoint gives you various tools to eliminate risks by reducing the surface area for attacks without blocking user productivity. Learn about Attack Surface Reduction (ASR) with Microsoft Defender for Endpoint.
- Microsoft Defender for Endpoint provides detailed device information, including forensics information. Learn about information available to you through Microsoft Defender for Endpoint that will aid in your investigations.
- Learn how Microsoft Defender for Endpoint provides the remote capability to contain devices and collect forensics data.
- Learn about the artifacts in your environment and how they relate to other artifacts and alerts that will provide you with insight to understand the overall impact to your environment.
- Learn how to configure automation in Microsoft Defender for Endpoint by managing environmental settings.
- Learn how to configure settings to manage alerts and notifications. You'll also learn to enable indicators as part of the detection process.
- Learn about your environment's weaknesses by using Vulnerability Management in Microsoft Defender for Endpoint.
- Learn the purpose of Microsoft Defender for Cloud and how to enable the system.
- Learn how to connect your various Azure assets to Microsoft Defender for Cloud to detect threats.
- Learn how you can add Microsoft Defender for Cloud capabilities to your hybrid environment.
- Microsoft Defender for Cloud, Cloud Security Posture Management (CSPM) provides visibility into vulnerable resources and provides hardening guidance.
- Learn about the protections and detections provided by Microsoft Defender for Cloud with each cloud workload.
- Learn how to remediate security alerts in Microsoft Defender for Cloud.
- KQL is the query language used to perform analysis on data to create analytics, workbooks, and perform hunting in Microsoft Sentinel. Learn how basic KQL statement structure provides the foundation to build more complex statements.
- Learn how to summarize and visualize data with a KQL statement provides the foundation to build detections in Microsoft Sentinel.
- Learn how to work with multiple tables using KQL.
- Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources.
- Traditional security information and event management (SIEM) systems typically take a long time to set up and configure. They're also not necessarily designed with cloud workloads in mind. Microsoft Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. This module helps you get started.
- Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
- As a Security Operations Analyst, you must understand the tables, fields, and data ingested in your workspace. Learn how to query the most used data tables in Microsoft Sentinel.
- Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.
- Learn how the Microsoft Sentinel Threat Intelligence page enables you to manage threat indicators.
- The primary approach to connect log data is using the Microsoft Sentinel provided data connectors. This module provides an overview of the available data connectors.
- Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.
- Learn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft 365 Defender.
- One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.
- Most vendor-provided connectors utilize the CEF connector. Learn about the Common Event Format (CEF) connector's configuration options.
- Learn about the Azure Monitor Agent Linux Syslog Data Collection Rule configuration options, which enable you to parse Syslog data.
- Learn how to connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors.
- In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.
- By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automated incident management.
- Learn about security incidents, incident evidence and entities, incident management, and how to use Microsoft Sentinel to handle incidents.
- Learn how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization.
- By the end of this module, you'll be able to use ASIM parsers to identify threats inside your organization.
- This module describes how to query, visualize, and monitor data in Microsoft Sentinel.
- By the end of this module, you'll be able to manage content in Microsoft Sentinel.
- Learn the threat hunting process in Microsoft Sentinel.
- In this module, you'll learn to proactively identify threat behaviors by using Microsoft Sentinel queries. You'll also learn to use bookmarks and livestream to hunt threats.
- In Microsoft Sentinel, you can search across long time periods in large datasets by using a search job.
- Learn how to use notebooks in Microsoft Sentinel for advanced hunting.
Digicomp Blended Learning Approach:
- Pre-Study: As soon as you have booked the training, you will receive access to our exclusive Learning Support and can individually familiarize yourself with the Microsoft Learn content. We recommend that you go through the content superficially and invest a little more time in those areas where a lot of knowledge is missing.
- After-Study: After the training you will have access to the Learning Support for another 30 days and can continue to work on the subject matter as required to ensure a lasting learning experience.
- Learning Support: By means of forums, you have the opportunity to ask questions at any time and within a few hours you will receive a solution that will help you get ahead.
- Basic understanding of Microsoft 365
- Fundamental understanding of Microsoft security, compliance, and identity products
- Intermediate understanding of Windows 10
- Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
- Familiarity with Azure virtual machines and virtual networking
- Basic understanding of scripting concepts
- Exam: «SC-200: Microsoft Security Operations Analyst» for the
- Certification: «Microsoft Certified: Security Operations Analyst Associate»