Corellialla on uusi osoite! Löydät meidät syyskuun alusta lähtien osoitteesta Kalevankatu 9, 00100 Helsinki, Hotelli Tornin kanssa samassa korttelissa. 

Tiedustelut myynti@corellia.fi tai 040 7070 202

Azure Sentinel – SC-200 Microsoft Security Operations Analyst oppilaitoksille

Tämä kurssi toteutetaan yhteistyössä Microsoftin oppilaitostiimin kanssa ja on tarkoitettu oppilaitoksille. Kurssin minimiosallistujamäärä on 8 hlöä ja maksimi 15 hlöä.

kesto 2 pv

500 + ALV
  • Kurssimuoto: Etä

Tällä kurssilla opetellaan kyberuhkien tutkimista ja vähentämistä Microsoft Azure Sentinel palvelun avulla. Erityisesti kurssilla keskitytään Azure Sentinel palveluun sekä siinä käytettävään Kusto-kyselykieleen (KQL) ja niiden avulla tehtäviin uhkien havainnointiin, analysointiin ja raportointiin.

Kurssi antaa hyvät perustiedot Azure Sentinel palvelusta.

Kurssin kohderyhmä

Henkilöille, jotka työskentelevät tietoturvaoperaattorin roolissa.

Kurssin esitietovaatimukset

  • Yleiset tiedot Microsoft 365 palvelusta
  • Perustiedot Microsoft:in tietoturva- ja identiteetinhallintatuotteista
  • Yleiset tiedot Windows 10 käyttöjärjestelmästä
  • Azure palveluiden tuntemus, erityisesti Azure SQL Database ja Azure Storage palveluista
  • Azure virtuaalikoneiden ja -verkkojen tuntemus
  • Perustiedot skriptauksesta

Tietoa koulutuksista

Luokkakoulutukset
Corellian koulutustiloissa:
Kalevankatu 9 A, Helsinki

Kiinnostaako asiakaskohtainen toteutus? Meillä onnistuu.

Kurssin olennainen sisältö

Module 1: Create queries for Azure Sentinel using Kusto Query Language (KQL)

Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Azure Sentinel. This module will focus on the most used operators. The example KQL statements will showcase security related table queries. KQL is the query language used to perform analysis on data to create analytics, workbooks, and perform hunting in Azure Sentinel. Learn how basic KQL statement structure provides the foundation to build more complex statements. Learn how to summarize and visualize data with a KQL statement provides the foundation to build detections in Azure Sentinel. Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources.

  • Construct KQL statements for Azure Sentinel
  • Analyze query results using KQL
  • Build multi-table statements using KQL
  • Work with data in Azure Sentinel using Kusto Query Language

Module 2: Configure your Azure Sentinel environment

Get started with Azure Sentinel by properly configuring the Azure Sentinel workspace. Traditional security information and event management (SIEM) systems typically take a long time to set up and configure. They’re also not necessarily designed with cloud workloads in mind. Azure Sentinel enables you to start getting valuable security insights from your cloud and on-premises data quickly. This module helps you get started. Learn about the architecture of Azure Sentinel workspaces to ensure you configure your system to meet your organization’s security operations requirements. As a Security Operations Analyst, you must understand the tables, fields, and data ingested in your workspace. Learn how to query the most used data tables in Azure Sentinel.

  • Introduction to Azure Sentinel
  • Create and manage Azure Sentinel workspaces
  • Query logs in Azure Sentinel
  • Use watchlists in Azure Sentinel
  • Utilize threat intelligence in Azure Sentinel

Module 3: Connect logs to Azure Sentinel

Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Azure Sentinel. The primary approach to connect log data is using the Azure Sentinel provided data connectors. This module provides an overview of the available data connectors. You will get to learn about the configuration options and data provided by Azure Sentinel connectors for Microsoft 365 Defender.

  • Connect data to Azure Sentinel using data connectors
  • Connect Microsoft services to Azure Sentinel
  • Connect Microsoft 365 Defender to Azure Sentinel
  • Connect Windows hosts to Azure Sentinel
  • Connect Common Event Format logs to Azure Sentinel
  • Connect syslog data sources to Azure Sentinel
  • Connect threat indicators to Azure Sentinel

Module 4: Create detections and perform investigations using Azure Sentinel

Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Azure Sentinel. You will learn how to create Azure Sentinel playbooks to respond to security threats. You’ll investigate Azure Sentinel incident management, learn about Azure Sentinel events and entities, and discover ways to resolve incidents. You will also learn how to query, visualize, and monitor data in Azure Sentinel.

  • Threat detection with Azure Sentinel analytics
  • Threat response with Azure Sentinel playbooks
  • Security incident management in Azure Sentinel
  • Use entity behavior analytics in Azure Sentinel
  • Query, visualize, and monitor data in Azure Sentinel

Module 5: Perform threat hunting in Azure Sentinel

In this module, you’ll learn to proactively identify threat behaviors by using Azure Sentinel queries. You’ll also learn to use bookmarks and livestream to hunt threats. You will also learn how to use notebooks in Azure Sentinel for advanced hunting.

  • Threat hunting with Azure Sentinel
  • Hunt for threats using notebooks in Azure Sentinel

Kurssin kesto

Kesto 2 pv.

Kurssityyppi

Etä

Kouluttajat

Arto Roth

Ilmoittaudu kurssille

Oletko kiinnostunut asiakaskohtaisesta toteutuksesta?

Kerro tarpeesi, niin suunnittelemme koulutuksen tarpeisiinne räätälöitynä.