SC-200 Microsoft Security Operations Analyst

TEMATYKA ZAJĘĆ

• Module 1: Mitigate threats using Microsoft 365 Defender
  Introduction to threat protection with Microsoft 365
  Mitigate incidents using Microsoft 365 Defender
  Remediate risks with Microsoft Defender for Office 365
  Microsoft Defender for Identity
  Protect your identities with Azure AD Identity Protection
  Microsoft Defender for Cloud Apps
  Respond to data loss prevention alerts using Microsoft 365
  Manage insider risk in Microsoft 365
  Lab: Mitigate threats using Microsoft 365 Defender

• Module 2: Mitigate threats using Microsoft Defender for Endpoint
  Protect against threats with Microsoft Defender for Endpoint
  Deploy the Microsoft Defender for Endpoint environment
  Implement Windows security enhancements
  Perform device investigations
  Perform actions on a device
  Perform evidence and entities investigations
  Configure and manage automation
  Configure for alerts and detections
  Utilize Threat and Vulnerability Management
  Lab: Mitigate threats using Microsoft 365 Defender for Endpoint

• Module 3: Mitigate threats using Azure Defender for Cloud
  Plan for cloud workload protections using Microsoft Defender for Cloud
  Workload protections in Microsoft Defender for Cloud
  Connect Azure assets to Microsoft Defender for Cloud
  Connect non-Azure resources to Microsoft Defender for Cloud
  Remediate security alerts using Microsoft Defender for Cloud
  Lab: Mitigate threats using Microsoft Defender for Cloud

• Module 4: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  Construct KQL statements for Microsoft Sentinel
  Analyze query results using KQL
  Build multi-table statements using KQL
  Work with string data using KQL statements
  Lab: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

• Module 5: Configure your Microsoft Sentinel environment
  Introduction to Microsoft Sentinel
  Create and manage Microsoft Sentinel workspaces
  Query logs in Microsoft Sentinel
  Use watchlists in Microsoft Sentinel
  Utilize threat intelligence in Microsoft Sentinel
  Lab: Configure your Microsoft Sentinel environment

• Module 6: Connect logs to Microsoft Sentinel
  Connect data to Microsoft Sentinel using data connectors
  Connect Microsoft services to Microsoft Sentinel
  Connect Microsoft 365 Defender to Microsoft Sentinel
  Connect Windows hosts to Microsoft Sentinel
  Connect Common Event Format logs to Microsoft Sentinel
  Connect syslog data sources to Microsoft Sentinel
  Connect threat indicators to Microsoft Sentinel
  Lab: Connect logs to Microsoft Sentinel

• Module 7: Create detections and perform investigations using Microsoft Sentinel
  Threat detection with Microsoft Sentinel analytics
  Security incident management in Microsoft Sentinel
  Threat response with Microsoft Sentinel playbooks
  User and entity behavior analytics in Microsoft Sentinel
  Query, visualize, and monitor data in Microsoft Sentinel
  Lab: Create detections and perform investigations using Microsoft Sentinel

• Module 8: Perform threat hunting in Microsoft Sentinel
  Threat hunting concepts in Microsoft Sentinel
  Threat hunting with Microsoft Sentinel
  Hunt for threats using notebooks in Microsoft Sentinel
  Lab: Threat hunting in Microsoft Sentinel