SC-200: Create detections and perform investigations using Microsoft Sentinel

Intermediate
Security Operations Analyst
Azure
Microsoft Sentinel

Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel. This learning path aligns with Exam SC-200: Security Operation Analyst.

Prerequisites

  • Understand how to use KQL in Microsoft Sentinel, as taught in the learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Understand how data is connected to Microsoft Sentinel, as taught in the learning path SC-200: Connect logs to Microsoft Sentinel

Modules in this learning path

In this module, you learn how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyberattacks.

By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automate incident management.

This module describes how to create Microsoft Sentinel playbooks to respond to security threats.

In this module, you'll investigate Microsoft Sentinel incident management, learn about Microsoft Sentinel events and entities, and discover ways to resolve incidents.

Learn how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization.

By the end of this module, you'll be able to use ASIM parsers to identify threats inside your organization.

This module describes how to query, visualize, and monitor data in Microsoft Sentinel.

By the end of this module, you'll be able to manage content in Microsoft Sentinel.