Microsoft Sentinel - From Zero To Hero
Published 11/2023
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.08 GB | Duration: 3h 59m
Learn Microsoft Sentinel | Hands-on experience in your own free Azure environment | Elevate your SOC career
What you'll learn
Learn Sentinel in Depth
Understand the Basics of KQL
Learn how to ingest Logs with Data Connectors
Discover how to deploy and Manage Sentinel
Understand how to build Detections with Analytic Rules
Learn how to build complex Automations and SOAR
Discover how to visualize data with Watchlists
Learn Advanced Sentinel concepts such as IaC and Notebooks
Discover how to use MITRE ATT&CK for SOC Operations
Learn how to utilize Cyber Threat Intelligence in Sentinel
Requirements
Basic IT Knowledge
No Azure or Cyber Security experience necessary
Willingness to learn cool stuff!
Description
Microsoft Sentinel - From Zero to Hero is a meticulously structured Udemy course aimed at IT professionals seeking to master Microsoft Sentinel for superior threat detection, response, and security architecture. The course walks you through everything from the initial setup to advanced implementation with real-world applications. By learning Microsoft Sentinel, you're gaining proficiency in a leading Security Information and Event Management (SIEM) platform that's crucial for modern cybersecurity.
Key Features:
Introduction: Establish a strong foundation with an overview of Microsoft Sentinel
Architecture: Delve into the structural design of Microsoft Sentinel for scalable solutions
Deployment: Step-by-step guidance on deploying Microsoft Sentinel effectively
Log Analytics: Master the art of log analytics for insightful data interpretation
Data Connectors: Learn how to integrate various data sources with Sentinel connectors
Threat Management: Equip yourself with strategies for proactive threat management
Threat Hunting: Develop skills to actively seek out and neutralize potential threats
Threat Intelligence: Integrate and leverage threat intelligence for informed security measures
UEBA: Understand User and Entity Behavior Analytics for advanced anomaly detection
MITRE ATT&CK: Apply the MITRE ATT&CK framework for comprehensive threat modeling
Automation & SOAR: Automate responses and orchestrate security operations with SOAR
Workbooks: Create and manage workbooks for dynamic security reporting
Watchlists: Utilize watchlists to monitor and track security threats
Cost Optimization: Learn techniques to optimize costs while maintaining security efficiency
Other Important Concepts:
Repositories and IaC for Sentinel: Manage code for Sentinel using Infrastructure as Code methodologies
Azure Lighthouse: Explore multi-tenant management with Azure Lighthouse
Azure ARC with Azure Monitor Agent: Extend Sentinel capabilities across different environments with Azure ARC
Azure OpenAI & ChatGPT: Integrate cutting-edge AI with Sentinel for enhanced security insights
Notebooks: Utilize Jupyter Notebooks for advanced data analysis and threat hunting
Overview
Section 1: Introduction
Lecture 1 Welcome & About your Instructor
Lecture 2 Course Content
Lecture 3 Cyber Security Challenges, SIEM & SOAR
Lecture 4 FAQs
Section 2: Architectural Overview on Sentinel
Lecture 5 What is Microsoft Sentinel?
Lecture 6 Sentinel in the Microsoft Security Cosmos
Lecture 7 Defending Across Attack Chains
Lecture 8 Sentinel as SaaS
Lecture 9 Azure Resource Hierarchy
Lecture 10 Sentinel Architecture
Section 3: Deploying and managing Sentinel
Lecture 11 Create your Azure Tenant
Lecture 12 Deployment Prerequisites
Lecture 13 Demo: Create an Azure Resource Group
Lecture 14 Demo: Create a Log Analytics Workspace
Lecture 15 Demo: Create a Sentinel Workspace
Lecture 16 Azure RBAC
Lecture 17 Sentinel RBAC
Lecture 18 Demo: Azure RBAC
Section 4: Log Analytics
Lecture 19 Overview
Lecture 20 Dedicated Cluster
Lecture 21 Demo: Log Analytics Workspaces
Section 5: Data Connectors
Lecture 22 Overview
Lecture 23 Demo: Content Hub
Lecture 24 Demo: Ingesting Threat Intelligence into Sentinel
Lecture 25 Demo: Verify Threat Intelligence Log Ingestion
Lecture 26 Demo: Ingesting Entra ID into Sentinel
Lecture 27 Demo: Verify Entra ID Ingestion
Lecture 28 Demo: Deploy Sentinel Training Lab
Section 6: Threat Management
Lecture 29 Sentinel Workflow
Lecture 30 Analytic Rules
Lecture 31 Demo: Analytic Rules
Lecture 32 Scheduled Analytic Rules
Lecture 33 Demo: Scheduled Analytic Rules
Lecture 34 Near-Real-Time-Rules (NRT)
Lecture 35 Demo: Near-Real-Time-Rules (NRT)
Lecture 36 Fusion
Lecture 37 Demo: Fusion
Lecture 38 ML Behavior Analytics
Lecture 39 Demo: ML Behavior Analytics
Lecture 40 Threat Intelligence Rules
Lecture 41 Demo: Threat Intelligence Rules
Lecture 42 Microsoft Security Rules
Lecture 43 Demo: Microsoft Security Rules
Lecture 44 Demo: Incident Dashboard
Section 7: Threat Hunting
Lecture 45 What is Threat Hunting?
Lecture 46 KQL 101
Lecture 47 Demo: Threat Hunting in Sentinel
Lecture 48 Demo: Hunt for Entra ID Events
Section 8: Cyber Threat Intelligence
Lecture 49 What is Cyber Threat Intelligence?
Lecture 50 STIX & TAXII
Lecture 51 Demo: CTI in Sentinel
Section 9: User and Entity Behavior Analytics (UEBA)
Lecture 52 UEBA in Sentinel
Lecture 53 Demo: UEBA in Sentinel
Section 10: The MITRE ATT&CK Framework
Lecture 54 Overview on ATT&CK
Lecture 55 Demo: MITRE ATT&CK
Lecture 56 Demo: ATT&CK in Sentinel
Section 11: Automation & SOAR
Lecture 57 Automation Capabilities in Sentinel
Lecture 58 Automation Rules
Lecture 59 Demo: Automation Rules
Lecture 60 Playbooks
Lecture 61 Automation Rules vs. Playbooks
Lecture 62 Azure Logic Apps
Lecture 63 Demo: Playbooks & Azure Logic Apps
Lecture 64 Sentinel REST API
Section 12: Workbooks
Lecture 65 Workbooks in Sentinel
Lecture 66 Demo: Create Workbooks
Section 13: Watchlists
Lecture 67 Watchlists in Sentinel
Lecture 68 Demo: Create Watchlists
Lecture 69 Demo: Integrate Watchlists with Analytic Rules
Section 14: Cost Optimization
Lecture 70 Pricing Models
Lecture 71 Commitment Tiers
Lecture 72 Log Types
Lecture 73 Demo: Cost Optimization Workbook
Section 15: Other Sentinel Concepts
Lecture 74 Managing Sentinel via Repositories and IaC
Lecture 75 Azure Lighthouse
Lecture 76 Community
Lecture 77 Notebooks
Lecture 78 Azure ARC with Azure Monitor Agent
Lecture 79 Sentinel with Azure OpenAI & ChatGPT
Section 16: Course Wrapup
Lecture 80 Thank you!
Lecture 81 Course Slides
SOC Analyst, Security Engineer, Security Consultant, Security Architect, Security Manager, Cloud Engineer, Cloud Architect, IT Manager