  • Introduction to Azure Sentinel
  • Traditional SIEM vs Cloud native SIEM
  • The Microsoft Sentinel workspace
  • Deploy the Microsoft Sentinel Training Lab Solution
  • Configure Microsoft Sentinel Playbook
  • Phases of Azure Sentinel
  • Enable Azure Activity data connector
  • Enable Azure Defender data connector
  • Enable Threat Intelligence TAXII data connector
  • Analytics Rules overview
  • Enable Microsoft incident creation rule
  • Review Fusion Rule (Advanced Multistage Attack Detection)
  • Create custom analytics rule
  • Review resulting security incident
  • Detecting Threats using Correlation Rules
  • Out of the box Detection
  • Custom threat detection rules
  • Advanced multistage attack detection
  • Intro to Use cases
  • Real time use cases for Cloud
  • User Behavior related use cases
  • Introduction to Threat hunting
  • Life cycle of Threat hunting
  • Use Notebooks to hunt
  • Review Microsoft Sentinel incident tools and capabilities
  • Introduction to Threat investigation
  • Investigating Incidents
  • Use the investigation graph to deep dive
  • Handling Incident “Sign-ins from IPs that attempt sign-ins to disabled accounts”
  • Handling “Solorigate Network Beacon” incident
  • Hunting for more evidence
  • Add IOC to Threat Intelligence
  • Handover incident
  • Hunting on a specific MITRE technique
  • Introduction to Kusto Query Language (KQL)
  • Useful Queries in KQL
  • Advanced Queries in KQL
  • Bookmarking hunting query results
  • Promote a bookmark to an incident
  • Create a Watchlist
  • Whitelist IP addresses in the analytics rule
  • Threat Intelligence data connectors
  • Explore the Threat Intelligence menu
  • Analytics Rules based on Threat Intelligence data
  • Threat Intelligence Workbook
  • Explore Microsoft Sentinel Content hub
  • Deploy a new solution
  • Review and enable deployed artifacts
  • Introduction to SOAR
  • Introduction to Playbooks
  • Creating Security Playbooks
  • Creating Logic through Logic App Designer
  • Threat Response Automation

PRACTICE TEST AND INTERVIEW QUESTIONS

At CyberVZN trainings, we provide practice tests at the end of the course, Splunk interview questions and answers, community questions and answers, and sample resumes to help you crack the interview.