Introduction
Configuring a security information and event management (SIEM) solution for security operations using Microsoft Sentinel involves provisioning a Log Analytics workspace and configuring the Microsoft Sentinel options.
You're a Security Operations Analyst working at a company that is currently evaluating the existing security posture of their corporate environment. They need your help in setting up a security information and event management (SIEM) solution to help identify future and ongoing cyber-attacks. To accomplish the goal, they're implementing Microsoft Sentinel. You're responsible for setting up and validating the Microsoft Sentinel environment.
After completing this module, you'll be able to:
- Create and configure a Microsoft Sentinel workspace
- Deploy Microsoft Sentinel Content Hub solutions and data connectors
- Configure Microsoft Sentinel data collection rules, a near-real-time (NRT) analytics rule, and automation
- Perform a simulated attack to validate the analytics and automation rules
- Connect Microsoft Sentinel to Microsoft Defender XDR