The Microsoft Security Operations Analyst training introduces Microsoft's cloud-based security tools. The training covers Microsoft's entire XDR portfolio, including the Defender product family, Azure Active Directory Identity Protection and Microsoft Sentinel.
Objective
Learn to deploy, configure and use Microsoft Sentinel, Microsoft Defender for Cloud and Microsoft 365 Defender to detect, analyze and respond to threats, and to hunt for threats of various kinds.
Who is it for
The training is suitable for, among others, security professionals, security-focused system administrators and SOC analysts.
Participants should preferably have the following skills:
- Basic knowledge of Microsoft 365 services
- Familiarity with Microsoft security, compliance and identity solutions
- Technical knowledge of Windows 10/11
- Familiarity with Azure services
- Basic knowledge of automation, including scripting
Additional information
The training prepares participants for the official Microsoft SC-200 Microsoft Security Operations Analyst certification exam.
Course content
Module 1: Mitigate threats using Microsoft 365 Defender
- Introduction to threat protection with Microsoft 365
- Mitigate incidents using Microsoft 365 Defender
- Remediate risks with Microsoft Defender for Office 365
- Microsoft Defender for Identity
- Azure AD Identity Protection
- Microsoft Defender for Cloud Apps
- Respond to data loss prevention alerts
- Manage insider risk in Microsoft 365
Module 2: Mitigate threats using Microsoft Defender for Endpoint
- Protect against threats with Microsoft Defender for Endpoint
- Deploy the Microsoft Defender for Endpoint environment
- Implement Windows 10 security enhancements
- Perform device investigations
- Perform actions on a device
- Perform evidence and entities investigations
- Configure for alerts and detections
- Manage insider risk in Microsoft 365
- Utilize Threat and Vulnerability Management
Module 3: Mitigate threats using Microsoft Defender for Cloud
- Plan for cloud workload protections using Microsoft Defender for Cloud
- Explain cloud workload protections in Microsoft Defender for Cloud
- Connect Azure assets to Microsoft Defender for Cloud
- Connect non-Azure resources to Microsoft Defender for Cloud
- Remediate security alerts using Microsoft Defender for Cloud
Module 4: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
- Construct KQL statements for Microsoft Sentinel
- Analyze query results using KQL
- Build multi-table statements using KQL
- Work with data in Microsoft Sentinel using Kusto Query Language
Module 5: Configure your Microsoft Sentinel environment
- Introduction to Microsoft Sentinel
- Create and manage Microsoft Sentinel workspaces
- Query logs in Microsoft Sentinel
- Use watchlists in Microsoft Sentinel
- Utilize threat intelligence in Microsoft Sentinel
Module 6: Connect logs to Microsoft Sentinel
- Connect data to Microsoft Sentinel using data connectors
- Connect Microsoft services to Microsoft Sentinel
- Connect Microsoft 365 Defender to Microsoft Sentinel
- Connect Windows hosts to Microsoft Sentinel
- Connect Common Event Format logs to Microsoft Sentinel
- Connect syslog data sources to Microsoft Sentinel
- Connect threat indicators to Microsoft Sentinel
Module 7: Create detections and perform investigations using Microsoft Sentinel
- Threat detection with Microsoft Sentinel analytics
- Security incident management in Microsoft Sentinel
- Threat response with Microsoft Sentinel playbooks
- User and entity behavior analytics in Microsoft Sentinel
- Query, visualize, and monitor data in Microsoft Sentinel
Module 8: Perform threat hunting in Microsoft Sentinel
- Threat hunting concepts in Microsoft Sentinel
- Threat hunting with Microsoft Sentinel
- Hunt for threats using notebooks in Microsoft Sentinel
Keywords
Microsoft, Security, Information security, Microsoft 365 Defender, Microsoft Sentinel, Risk mitigation