back

Use Microsoft Sentinel to Mitigate Threats

3 H 39 M

Just you? Training a whole team? There's an ITProTV plan that fits.

Start Training Today
Episodes
Episodes
  • Overview
    • Overview
    • Planning a Microsoft Sentinel Deployment
  • Design and Configure a Microsoft Sentinel Workspace
    • Configure Sentinel Resources
    • Configure Sentinel Roles
  • Plan and Implement Data Connectors in Microsoft Sentinel
    • Planning for Data Sources and Data Connectors
    • Data Connectors, Event Collectors, and Custom Connectors
  • Manage Microsoft Sentinel Analytics Rules
    • Configure Queries and Analytics Rules
    • Define Incident Creation Logic
    • Use Watchlists and Threat Indicators
  • Perform Data Classification and Normalization
    • Analyze Data Using Entities
    • Create Custom Logs in Azure Log Analytics
    • Develop and Manage ASIM Parsers
  • Configure SOAR in Microsoft Sentinel
    • Configure Automation Rules
    • Use Automation in Microsoft Sentinel
  • Manage Microsoft Sentinel Incidents
    • Investigate Multi-Workspace Incidents
    • User and Entity Behavior Analytics
  • Use Microsoft Sentinel Workbooks
    • Use Workbooks
    • Configure Advanced Visualizations
  • Hunt for Threats Using Microsoft Sentinel
    • Use Hunting Queries
    • Threat Hunt Using Notebooks and Bookmarks

Overview

3 M

itprotv course thumbnailitprotv course thumbnailitprotv course thumbnail
  • Episode Description
  • Transcript

WEBVTT >> Thank you so much for joining us. I'm your host, Lauren Deal, and I'll be your learner advocate as we go along. And asking this guy all the questions you probably have at home, welcome to show. Anthony, how are you today? >> I am doing great, Lauren. Thank you so much for hosting this for us. This is a course that I've been waiting for quite a bit of time with here at ACI Learning. So excited to finally be teaching this. We are going to be looking at Microsoft Sentinel in great detail. What is Sentinel? Well, it's Microsoft's SIEM. It's their Security Incident and Event Management Package. And it is very much a competitor to a product that is near and dear to Lauren and I's heart, and that is Splunk. So it is Microsoft's answer to Splunk. And we're going to be breaking it down and detailing it in the episodes that follow. >> That is awesome. I'm so excited because, as you know, Anthony and I have a very dear appreciation for Splunk. And so having Microsoft come out with its own spin-off is really exciting for both of us. >> Now, Anthony, what are some bullet points you might give us a little teaser about what we're going to talk about? Sure. One of the things that we're going to look at is we'll start off just by really taking an overview of where you go to access this product, how do you set it up, and then we're going to quickly dive into taking advantage of all of the features that it has to offer. And it is an impressive feature list. So we'll, of course, teach you how to get data into this product. It's scientifically proven. It works great if data can get inside it. And then we'll also teach you how to handle the data once it's inside this product. How do we query it? How do we add automation and orchestration workflows? So we'll get this product really working well for us. >> This is exciting because this is exactly what I've been looking for, and maybe this is the answer to everything you've been looking for as well. Now, Anthony, I am excited about this, and I have a little bit of an understanding about Splunk. >> Who else would be this perfect course for? Yeah, I think this course is going to be perfect for really one of three different individuals. It could be someone that is interested in just evaluating this product. So we'll have that happen a lot, where an organization will think, geez, maybe we should be using Microsoft Sentinel, so they will tune in to evaluate this product. Another group of individuals that maybe here are those that have been ordered. They must use Microsoft Sentinel, get to work. So it's been mandated for their organization, and now they are here getting the down and dirty training they need to get in there and get work done with Sentinel. But there is a third group, and we are going to address that as well. It's those interested in certification. This course maps to the Sentinel content in Microsoft's exam SC200, so we are covering all of those objectives as well. In the event we have individuals here that are going to be achieving their Microsoft Azure certification on Sentinel technologies. >> This is perfect because whether you are one of those three, or maybe you're coming to us out of just interest. We're excited to go along this journey with you. So Anthony, what do you say we jump into our first episode? - Yeah, let's get started. Our first episode is gonna be really just making sure you can get up and running quickly and plan your environment correctly. - All right, well let's get planning by jumping into the next episode. We'll see you there. (upbeat music)