SC-200: Perform threat hunting in Microsoft Sentinel

Intermediate
Security Operations Analyst
Azure
Microsoft Sentinel

Proactively hunt for security threats using the powerful threat hunting tools in Microsoft Sentinel. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.

Prerequisites

  • Ability to use KQL in Microsoft Sentinel, as covered in the learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Knowledge of how to create detections and perform investigations, as covered in the learning path SC-200: Create detections and perform investigations using Microsoft Sentinel

Modules in this learning path

Learn the threat hunting process in Microsoft Sentinel.

In this module, you'll learn to proactively identify threat behaviors by using Microsoft Sentinel queries. You'll also learn to use bookmarks and livestream to hunt threats.

In Microsoft Sentinel, you can search across long time periods in large datasets by using a search job.

Learn how to use notebooks in Microsoft Sentinel for advanced hunting.

Provides instructions and guidance on playing the SC-200 Who Hacked cloud game.