Microsoft

Create detections and perform investigations using Microsoft Sentinel

Microsoft via Microsoft Learn

Overview

  • Threat detection with Microsoft Sentinel analytics

    In this module, you will:

    • Explain the importance of Microsoft Sentinel Analytics.
    • Explain different types of analytics rules.
    • Create rules from templates.
    • Create new analytics rules and queries using the analytics rule wizard.
    • Manage rules with modifications.
  • Automation in Microsoft Sentinel

    After completing this module, you're able to:

    • Explain automation options in Microsoft Sentinel
    • Create automation rules in Microsoft Sentinel
  • Provide an introduction to implementing threat response with Microsoft Sentinel playbooks.

    In this module you will:

    • Explain Microsoft Sentinel SOAR capabilities.
    • Explore the Microsoft Sentinel Logic Apps connector.
    • Create a playbook to automate an incident response.
    • Run a playbook on demand in response to an incident.
  • Learn about security incidents, incident evidence and entities, incident management, and how to use Microsoft Sentinel to handle incidents.
    • Learn about security incidents and Microsoft Sentinel incident management.
    • Explore Microsoft Sentinel incident evidence and entities.
    • Use Microsoft Sentinel to investigate security incidents and manage incident resolution.
  • Identify threats with Behavioral Analytics

    Upon completion of this module, the learner is able to:

    • Explain User and Entity Behavior Analytics in Azure Sentinel
    • Explore entities in Microsoft Sentinel
  • Data normalization in Microsoft Sentinel

    After completing this module, you'll be able to:

    • Use ASIM Parsers
    • Create an ASIM Parser
    • Create parameterized KQL functions
  • Learn how to query, visualize, and monitor data in Microsoft Sentinel by using the Azure portal.

    In this module you will:

    • Visualize security data using Microsoft Sentinel Workbooks.
    • Understand how queries work.
    • Explore workbook capabilities.
    • Create a Microsoft Sentinel Workbook.
  • Manage content in Microsoft Sentinel

    After completing this module, you'll be able to:

    • Install a content hub solution in Microsoft Sentinel
    • Connect a GitHub repository to Microsoft Sentinel

Syllabus

  • Threat detection with Microsoft Sentinel analytics
    • Introduction
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • What is Microsoft Sentinel Analytics?
    • Types of analytics rules
    • Create an analytics rule from templates
    • Create an analytics rule from wizard
    • Manage analytics rules
    • Exercise - Detect threats with Microsoft Sentinel analytics
    • Summary
  • Automation in Microsoft Sentinel
    • Introduction
    • Understand automation options
    • Create automation rules
    • Module assessment
    • Summary and resources
  • Threat response with Microsoft Sentinel playbooks
    • Introduction
    • Exercise - Create a Microsoft Sentinel playbook
    • What are Microsoft Sentinel playbooks?
    • Trigger a playbook in real-time
    • Run playbooks on demand
    • Exercise - Create a Microsoft Sentinel playbook
    • Summary
  • Security incident management in Microsoft Sentinel
    • Introduction
    • Exercise - Set up the Azure environment
    • Understand incidents
    • Incident evidence and entities
    • Incident management
    • Exercise - Investigate an incident
    • Summary
  • Identify threats with Behavioral Analytics
    • Introduction
    • Understand behavioral analytics
    • Explore entities
    • Display entity behavior information
    • Use Anomaly detection analytical rule templates
    • Module assessment
    • Summary and resources
  • Data normalization in Microsoft Sentinel
    • Introduction
    • Understand data normalization
    • Use ASIM Parsers
    • Understand parameterized KQL functions
    • Create an ASIM Parser
    • Configure Azure Monitor Data Collection Rules
    • Module assessment
    • Summary and resources
  • Query, visualize, and monitor data in Microsoft Sentinel
    • Introduction
    • Exercise - Query and visualize data with Microsoft Sentinel Workbooks
    • Monitor and visualize data
    • Query data using Kusto Query Language
    • Use default Microsoft Sentinel Workbooks
    • Create a new Microsoft Sentinel Workbook
    • Exercise - Visualize data using Microsoft Sentinel Workbooks
    • Summary
  • Manage content in Microsoft Sentinel
    • Introduction
    • Use solutions from the content hub
    • Use repositories for deployment
    • Module assessment
    • Summary and resources
