Configure SIEM Security Operations using Microsoft Sentinel (SC-5001)

Course 8712

  • Duration: 1 day
  • Language: English
  • Level: Intermediate

Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses.

Microsoft Sentinel Course Delivery Methods

  • In-Person

  • Online

  • Upskill your whole team by bringing Private Team Training to your facility.

Microsoft Sentinel Course Information

In this course, you will learn how to:

  • Create and configure a Microsoft Sentinel workspace
  • Deploy a Microsoft Sentinel content hub solution
  • Connect Windows hosts to Microsoft Sentinel
  • Configure analytics rules in Microsoft Sentinel
  • Configure automation in Microsoft Sentinel

Prerequisites

  • Fundamental understanding of Microsoft Azure
  • Basic understanding of Microsoft Sentinel
  • Experience using Kusto Query Language (KQL) in Microsoft Sentinel

Microsoft Sentinel Course Outline

Learn about the architecture of Microsoft Sentinel workspaces to ensure you configure your system to meet your organisation's security operations requirements.

  • Plan for the Microsoft Sentinel workspace
  • Create a Microsoft Sentinel workspace
  • Manage workspaces across tenants using Azure Lighthouse
  • Understand Microsoft Sentinel permissions and roles
  • Manage Microsoft Sentinel settings
  • Configure logs
  • Knowledge check
  • Summary and resources

Learn how to connect Microsoft 365 and Azure service logs to Microsoft Sentinel.

  • Plan for Microsoft services connectors
  • Connect the Microsoft Office 365 connector
  • Connect the Microsoft Entra connector
  • Connect the Microsoft Entra ID Protection connector
  • Connect the Azure Activity connector
  • Knowledge check
  • Summary and resources

One of the most common logs to collect is Windows security events. Learn how Microsoft Sentinel makes this easy with the Security Events connector.

  • Plan for Windows hosts security events connector
  • Connect using the Windows Security Events via AMA Connector
  • Connect using the Security Events via Legacy Agent Connector
  • Collect Sysmon event logs
  • Knowledge check
  • Summary and resources

Learn how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.

  • Exercise: Detect threats with Microsoft Sentinel analytics
  • What is Microsoft Sentinel Analytics?
  • Types of analytics rules
  • Create an analytics rule from templates
  • Create an analytics rule from wizard
  • Manage analytics rules
  • Exercise: Detect threats with Microsoft Sentinel analytics
  • Summary

Use automation rules in Microsoft Sentinel to automate incident management.

  • Understand automation options
  • Create automation rules
  • Knowledge check
  • Summary and resources

Learn how to configure SIEM security operations using Microsoft Sentinel.

  • Exercise: Configure SIEM operations using Microsoft Sentinel
  • Exercise: Install Microsoft Sentinel Content Hub solutions and data connectors
  • Exercise: Configure a data connector Data Collection Rule
  • Exercise: Perform a simulated attack to validate the Analytic and Automation rules
  • Summary

Microsoft Sentinel Course FAQs

No. Applied Skills credentials are not replacing Certifications. We are expanding our credentialing portfolio to better meet the needs of our learners and customers by allowing people to validate particular skill sets with this new offering.

Certifications are role-based and evaluate a broader range of skills needed to be successful in critical roles that organisations need to be successful in today's rapidly changing technical environment.

Applied Skills credentials are scenario-based and evaluate a narrower skill set specific to an organisation's critical business problem or challenge.

If you want to demonstrate that you have the range of skills needed to succeed in a given job role, a Certification is the right way to go. If you want to validate your skills on a specific business problem or scenario your organisation faces, an Applied Skills credential will make more sense.

Here are some key differentiators between Certifications and Applied Skills:

  • Breadth of skills validated: Certifications typically validate 4-6 skill sets, while Applied Skills validate one specific skill set.
  • Focus: Certifications are job role-based, while Applied Skills are product-based.
  • Purpose: Certifications validate skills needed for the technical aspects of job roles that leverage Microsoft solutions and technologies. Applied Skills validate specific scenarios hindering an organisation's digital transformation.

Many of the Applied Skills credentials can be used to help you prepare for Certification exams. Because Applied Skills are awarded based on performance within a lab, that experience may set you up for success on a Certification. All role-based Certification exams require experience, so earning an Applied Skills credential is one way to get some of the experience needed to pass the exam. However, not all skills assessed on a Certification exam will have an associated Applied Skills assessment lab, so you should not rely on Applied Skills alone. Visit how to prepare for a Certification exam.

If you want to demonstrate skill sets that the Certification did not assess, that are "Certification adjacent," or that you need for a specific project you are planning or working on, an Applied Skills credential is a great way to show your employer and peers that you have those skills as well as the skills validated by your Certification.

It depends on your technical expertise and why you want to earn a Microsoft credential.

If you are exploring technology or just beginning your learning journey in technology, starting with a fundamentals certification makes the most sense because it focuses on ensuring you have the foundational knowledge you need to get started.

If you have experience and want to explore how Microsoft technologies and solutions are used to solve critical business problems, an Applied Skills credential is a great way to validate real-world skills focused on specific projects or scenarios.

If you have some experience and are pursuing a job that leverages Microsoft solutions, a role-based certification is the logical solution to validate role-based skills. Note that some Applied Skills credentials relate to our certifications and may provide another way to prepare for a certification exam.