SC-200 Microsoft Security Operations Analyst

1990 + VAT


The Microsoft Security Operations Analyst course introduces Microsoft's cloud-based security tools. The course covers Microsoft's entire XDR portfolio, including the Defender product family, Azure Active Directory Identity Protection and Microsoft Sentinel.

Objective

Learn to deploy, configure and use Microsoft Sentinel, Microsoft Defender for Cloud and Microsoft 365 Defender to detect, analyze and respond to threats, and to hunt for threats of various kinds.

Who should attend

The course is suitable for, among others, security professionals, security-focused system administrators and SOC analysts.

Participants should ideally have the following skills:

  • Basic knowledge of Microsoft 365 services
  • Familiarity with Microsoft security, compliance and identity solutions
  • Technical Windows 10/11 skills
  • Familiarity with Azure services
  • Basic knowledge of automation, including scripting

Additional information

The course prepares participants for Microsoft's official SC-200 Microsoft Security Operations Analyst certification exam.

Course content

Configure settings in Microsoft Defender XDR

  • Configure a connection from Defender XDR to a Sentinel workspace
  • Configure alert and vulnerability notification rules
  • Configure Microsoft Defender for Endpoint advanced features
  • Configure endpoint rules settings, including indicators and web content filtering
  • Manage automated investigation and response capabilities in Microsoft Defender XDR
  • Configure automatic attack disruption in Microsoft Defender XDR

Manage assets and environments

  • Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint
  • Identify and remediate unmanaged devices in Microsoft Defender for Endpoint
  • Manage resources by using Azure Arc
  • Connect environments to Microsoft Defender for Cloud (by using multi-cloud account management)
  • Discover and remediate unprotected resources by using Defender for Cloud
  • Identify and remediate devices at risk by using Microsoft Defender Vulnerability Management

Design and configure a Microsoft Sentinel workspace

  • Plan a Microsoft Sentinel workspace
  • Configure Microsoft Sentinel roles
  • Specify Azure RBAC roles for Microsoft Sentinel configuration
  • Design and configure Microsoft Sentinel data storage, including log types and log retention
  • Manage multiple workspaces by using Workspace manager and Azure Lighthouse

Ingest data sources in Microsoft Sentinel

  • Identify data sources to be ingested for Microsoft Sentinel
  • Implement and use Content hub solutions
  • Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings
  • Configure bidirectional synchronization between Microsoft Sentinel and Microsoft Defender XDR
  • Plan and configure Syslog and Common Event Format (CEF) event collections
  • Plan and configure collection of Windows Security events by using data collection rules, including Windows Event Forwarding (WEF)
  • Configure threat intelligence connectors, including platform, TAXII, upload indicators API, and MISP
  • Create custom log tables in the workspace to store ingested data

Configure protections in Microsoft Defender security technologies

  • Configure policies for Microsoft Defender for Cloud Apps
  • Configure policies for Microsoft Defender for Office
  • Configure security policies for Microsoft Defender for Endpoint, including attack surface reduction (ASR) rules
  • Configure cloud workload protections in Microsoft Defender for Cloud

Configure detection in Microsoft Defender XDR

  • Configure and manage custom detections
  • Configure alert tuning
  • Configure deception rules in Microsoft Defender XDR

Configure detections in Microsoft Sentinel

  • Classify and analyze data by using entities
  • Configure scheduled query rules, including KQL
  • Configure near-real-time (NRT) query rules, including KQL
  • Manage analytics rules from Content hub
  • Configure anomaly detection analytics rules
  • Configure the Fusion rule
  • Query Microsoft Sentinel data by using ASIM parsers
  • Manage and use threat indicators

Respond to alerts and incidents in Microsoft Defender XDR

  • Investigate and remediate threats to Microsoft Teams, SharePoint Online, and OneDrive
  • Investigate and remediate threats in email by using Microsoft Defender for Office
  • Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption
  • Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies
  • Investigate and remediate threats identified by Microsoft Purview insider risk policies
  • Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud
  • Investigate and remediate security risks identified by Microsoft Defender for Cloud Apps
  • Investigate and remediate compromised identities in Microsoft Entra ID
  • Investigate and remediate security alerts from Microsoft Defender for Identity
  • Manage actions and submissions in the Microsoft Defender portal

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

  • Investigate timeline of compromised devices
  • Perform actions on the device, including live response and collecting investigation packages
  • Perform evidence and entity investigation

Enrich investigations by using other Microsoft tools

  • Investigate threats by using the unified audit log
  • Investigate threats by using Content Search
  • Perform threat hunting by using Microsoft Graph activity logs

Manage incidents in Microsoft Sentinel

  • Triage incidents in Microsoft Sentinel
  • Investigate incidents in Microsoft Sentinel
  • Respond to incidents in Microsoft Sentinel

Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel

  • Create and configure automation rules
  • Create and configure Microsoft Sentinel playbooks
  • Configure analytic rules to trigger automation
  • Trigger playbooks manually from alerts and incidents
  • Run playbooks on on-premises resources

Hunt for threats by using KQL

  • Identify threats by using Kusto Query Language (KQL)
  • Interpret threat analytics in the Microsoft Defender portal
  • Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel

  • Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
  • Customize content gallery hunting queries
  • Use hunting bookmarks for data investigations
  • Monitor hunting queries by using Livestream
  • Retrieve and manage archived log data
  • Create and manage search jobs

Analyze and interpret data by using workbooks

  • Activate and customize Microsoft Sentinel workbook templates
  • Create custom workbooks that include KQL
  • Configure visualizations

Keywords

Microsoft, Security, Information security, Microsoft 365 Defender, Microsoft Sentinel, Risk mitigation
