SC-5001 Configure SIEM security operations using Microsoft Sentinel
Price: on request
Duration: 1 day
Course language: English
Training solutions: Online Live
Today, security incidents occur in a distributed, dynamic, and often simultaneous manner. Centralized evaluation provides an overview and turns data into usable security information.
Key topics
- Role of SIEM in modern security architectures.
- Technical setup of Microsoft Sentinel.
- Connection and management of data sources.
- Analysis, correlation, and prioritization of events.
- Automated processes for security incidents.
- Monitoring and fine-tuning detection rules.
Prerequisite
Basic knowledge of IT security, cloud technologies, and technical processes in IT operations.
Target audience
Security-oriented IT roles with responsibility for monitoring, analyzing, and responding to security-related events.
Clear processes, automated responses, and centralized transparency form the basis of stable security operations in complex cloud and hybrid environments.
- Planning the Microsoft Sentinel workspace
- Creating a Sentinel workspace
- Managing cross-tenant workspaces with Azure Lighthouse
- Understanding Microsoft Sentinel permissions and roles
- Managing Sentinel settings
- Configuring logs
- Setting up the Microsoft Office 365 connector
- Connecting the Microsoft Entra connector
- Connecting the Microsoft Entra ID Protection connector
- Connecting the Azure Activity connector
- Connecting Windows Security Events via the AMA connector
- Connecting Security Events via the Legacy Agent connector
- Collecting Sysmon event logs
- Microsoft Sentinel Analytics
- Analytics rules
- Creating a rule with the wizard
- Managing rules
- Understanding automation options
- Defining rules for automation
- Setting up SIEM security operations in Microsoft Sentinel