Connect logs to Microsoft Sentinel

Microsoft via Microsoft Learn

Overview

  • Connect data to Microsoft Sentinel using data connectors

    Upon completion of this module, the learner is able to:

    • Describe how to install Content Hub Solutions to provision Microsoft Sentinel Data connectors
    • Explain the use of data connectors in Microsoft Sentinel
    • Describe the Microsoft Sentinel data connector providers
    • Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel
  • Connect Microsoft services to Microsoft Sentinel

    Upon completion of this module, the learner is able to:

    • Connect Microsoft service connectors
    • Explain how connectors auto-create incidents in Microsoft Sentinel
  • Connect Microsoft Defender XDR to Microsoft Sentinel

    Upon completion of this module, the learner is able to:

    • Understand the connectivity options for the Microsoft Defender XDR connector when Microsoft Sentinel is onboarded to Defender XDR, versus Microsoft Sentinel in the Azure portal
    • Activate the Microsoft Defender XDR connector in Microsoft Sentinel
    • Activate the Microsoft Defender for Cloud connector in Microsoft Sentinel
    • Activate the Microsoft Defender for IoT connector in Microsoft Sentinel
  • Connect Windows hosts to Microsoft Sentinel

    Upon completion of this module, the learner is able to:

    • Connect Azure Windows Virtual Machines to Microsoft Sentinel
    • Connect non-Azure Windows hosts to Microsoft Sentinel
    • Install and configure a data connector to collect Sysmon events
  • Connect Common Event Format logs to Microsoft Sentinel

    Upon completion of this module, the learner is able to:

    • Explain the Common Event Format connector deployment options in Microsoft Sentinel
    • Run the deployment script for the Common Event Format connector
  • Connect syslog data sources to Microsoft Sentinel

    Upon completion of this module, the learner is able to:

    • Describe the Azure Monitor Agent Data Collection Rule (DCR) for Syslog
    • Install and configure the Azure Monitor Linux Agent extension with the Syslog DCR
    • Run the Azure Arc Linux deployment and connection scripts
    • Verify Syslog log data is available in Microsoft Sentinel
    • Create a parser using KQL in Microsoft Sentinel
  • Connect threat indicators to Microsoft Sentinel

    Upon completion of this module, the learner is able to:

    • Configure the Defender Threat Intelligence connector in Microsoft Sentinel
    • Configure the TAXII connector in Microsoft Sentinel
    • Configure the Threat Intelligence Upload API connector in Microsoft Sentinel
    • View threat indicators in Microsoft Sentinel

Syllabus

  • Connect data to Microsoft Sentinel using data connectors
    • Introduction
    • Ingest log data with data connectors
    • Understand data connector providers
    • View connected hosts
    • Module assessment
    • Summary and resources
  • Connect Microsoft services to Microsoft Sentinel
    • Introduction
    • Plan for Microsoft services connectors
    • Connect the Microsoft 365 connector
    • Connect the Microsoft Entra connector
    • Connect the Microsoft Entra ID Protection connector
    • Connect the Azure Activity connector
    • Module assessment
    • Summary and resources
  • Connect Microsoft Defender XDR to Microsoft Sentinel
    • Introduction
    • Plan for Microsoft Defender XDR connectors
    • Connect the Microsoft Defender XDR connector
    • Connect Microsoft Defender for Cloud connector
    • Connect Microsoft Defender for IoT
    • Connect Microsoft Defender legacy connectors
    • Module assessment
    • Summary and resources
  • Connect Windows hosts to Microsoft Sentinel
    • Introduction
    • Plan for Windows hosts security events connector
    • Connect using the Windows Security Events via AMA Connector
    • Connect using the Security Events via Legacy Agent Connector
    • Collect Sysmon event logs
    • Module assessment
    • Summary and resources
  • Connect Common Event Format logs to Microsoft Sentinel
    • Introduction
    • Plan for Common Event Format connector
    • Connect your external solution using the Common Event Format connector
    • Module assessment
    • Summary and resources
  • Connect syslog data sources to Microsoft Sentinel
    • Introduction
    • Plan for syslog data collection
    • Collect data from Linux-based sources using syslog
    • Configure the Data Collection Rule for Syslog Data Sources
    • Parse syslog data with KQL
    • Module assessment
    • Summary and resources
  • Connect threat indicators to Microsoft Sentinel
    • Introduction
    • Plan for threat intelligence connectors
    • Connect the Defender Threat Intelligence connector
    • Connect the threat intelligence TAXII connector
    • Connect the threat intelligence Upload API connector
    • View your threat indicators with KQL
    • Module assessment
    • Summary and resources
