Microsoft Security Operations Analyst

Course Description

Learn how to investigate, respond to, and hunt for threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Azure Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job.

Audience profile

The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.

Course Outline

  • Module 1: Mitigate threats using Microsoft Defender for Endpoint
  • Module 2: Mitigate threats using Microsoft 365 Defender
  • Module 3: Mitigate threats using Azure Defender
  • Module 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
  • Module 5: Configure your Azure Sentinel environment
  • Module 6: Connect logs to Azure Sentinel
  • Module 7: Create detections and perform investigations using Azure Sentinel
  • Module 8: Perform threat hunting in Azure Sentinel

Complete this form to Register Now