SC-200: Configure your Microsoft Sentinel environment
Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.
Prerequisites
- Fundamental understanding of Microsoft security, compliance, and identity products
- Ability to use KQL in Microsoft Sentinel like you could learn from learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Achievement Code
Would you like to request an achievement code?
Modules in this learning path
Traditional security information and event management (SIEM) systems typically take a long time to set up and configure. They're also not necessarily designed with cloud workloads in mind. Microsoft Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. This module helps you get started.
Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organization's security operations requirements.
As a Security Operations Analyst, you must understand the tables, fields, and data ingested in your workspace. Learn how to query the most used data tables in Microsoft Sentinel.
Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.
Learn how the Microsoft Sentinel Threat Intelligence page enables you to manage threat indicators.
In this module, you learn about the Unified Security Operations Platform that integrates Microsoft Defender XDR with Microsoft Sentinel.