Configure SIEM security operations using Microsoft Sentinel
Intermediate
Security Operations Analyst
Azure
Microsoft Sentinel
Azure Log Analytics
Microsoft Defender
In this module, you learn how to configure SIEM security operations using Microsoft Sentinel.
Learning objectives
Upon completion of this module, the learner is able to:
- Create and configure a Microsoft Sentinel workspace
- Deploy Microsoft Sentinel Content Hub solutions and data connectors
- Configure Microsoft Sentinel Data Collection rules, an NRT Analytic rule, and Automation
- Perform a simulated attack to validate Analytic and Automation rules
- Run a simulation exercise to connect a Microsoft Sentinel workspace to the Microsoft Defender portal
Prerequisites
- An Azure subscription
- Basic experience with Azure services
- Basic knowledge of operational concepts, such as monitoring, logging, and alerting
- Basic experience with Microsoft Defender
- Familiarity with security operations concepts, such as incident response and threat detection