Microsoft Sentinel: Zero To Hero – Complete Siem Training

Posted By: ELK1nG

Published 5/2025
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 3.96 GB | Duration: 8h 50m

Hands-on Microsoft Sentinel course covering SIEM setup, data connectors, analytics rules, KQL, automation, and incident response (IR)

What you'll learn

Understand the fundamentals of Microsoft Sentinel and cloud-native SIEM architecture

Set up Microsoft Sentinel from scratch using real Azure environments

Create and fine-tune Analytics Rules (Scheduled, NRT, Fusion, ML-based) for effective threat detection

Perform threat hunting using KQL with real-world scenarios (e.g., impossible travel)

Integrate Threat Intelligence feeds and manually add IOCs into Sentinel

Build and automate incident response using Playbooks and Azure Logic Apps

Visualize alerts and security metrics using Workbooks in Microsoft Sentinel

Compare traditional vs. cloud-native SIEMs, including pros, cons, and migration paths

Gain hands-on experience with labs, real use cases, and SOC workflows

Requirements

This course is beginner-friendly and designed to take you from the fundamentals to advanced topics.

A very basic understanding of cybersecurity concepts

A free or trial Microsoft Azure account for practicing in real environments

Description

Are you ready to master Microsoft Sentinel, one of the most in-demand cloud-native SIEM platforms used by modern SOCs? This course is your complete zero-to-hero journey, designed for beginners, SOC analysts, cybersecurity engineers, and anyone looking to break into or upskill in cloud security operations.

Through real-world labs, step-by-step guidance, and practical examples, you'll go beyond theory and build actual threat detection, automation, and response workflows using Microsoft Sentinel.

What You'll Learn:

Set up and configure Microsoft Sentinel from scratch in Azure

Ingest data using connectors (Windows logs, threat intel, etc.)

Create powerful analytics rules (Scheduled, NRT, Fusion, ML-based)

Write and use KQL queries for threat hunting

Build playbooks and automate incident response with Logic Apps

Visualize attacks using Workbooks

Understand the difference between traditional and cloud-native SIEMs

Why This Course Is Different:

100% hands-on with real Azure labs

No prior experience required – beginner-friendly explanations

Perfect for job-ready skills in SOC roles

Covers the full SIEM lifecycle: detect, investigate, respond, visualize

Created by a seasoned SOC architect with real-world use cases

Whether you're just starting in cybersecurity or looking to strengthen your SIEM expertise, this course will guide you every step of the way. Join today and become job-ready with Microsoft Sentinel!

Overview

Section 1: Introduction

Lecture 2 Our Community

Section 2: BASICS: Getting Started with Microsoft Sentinel & Cloud-Native SIEM Fundamentals

Lecture 3 Introduction to Microsoft Sentinel and Its Cloud-Native SIEM Architecture

Lecture 4 Benefits of Cloud-Native SIEM Architecture: Scalability Explained

Lecture 5 Flexibility in Cloud-Native SIEM: Adapting to Modern Security Needs

Lecture 6 Seamless Integration in Sentinel Cloud-Native SIEM: A Key Advantage

Lecture 7 Cost Efficiency in Cloud-Native SIEM: A Key Advantage

Lecture 8 Why Cloud Native Matters for Microsoft Sentinel

Lecture 9 Understanding How Traditional SIEMs Work

Lecture 10 Challenges and Drawbacks of Traditional SIEM Solutions

Lecture 11 How Cloud-Native SIEM Works

Lecture 12 Traditional SIEM vs. Cloud-Native SIEM: Key Differences Explained

Lecture 13 Azure Sentinel Architecture: Key Components and Workflow

Section 3: Foundational Labs: Azure Setup for Sentinel

Lecture 14 Lab: Step-by-Step Guide to Creating a Microsoft Azure Account

Lecture 15 Lab: Step-by-Step Guide to Creating a Resource Group in Microsoft Azure

Lecture 16 What is Log Analytics Workspace in Azure?

Lecture 17 Lab: How to Create a Log Analytics Workspace in Azure

Lecture 18 Lab: How to Create Microsoft Sentinel in Azure

Section 4: Data Connectors in Microsoft Sentinel

Lecture 19 Lab: Introduction to Content Hub in Microsoft Sentinel

Lecture 20 Lab: Integration of Threat Intelligence into Microsoft Sentinel

Lecture 21 Lab: Integrating Windows Security Event Logs into Microsoft Sentinel

Lecture 22 Lab: Verifying Windows Security Event Logs in Microsoft Sentinel

Section 5: Microsoft Sentinel - Analytics (Threat Detections)

Lecture 23 Introduction to Microsoft Sentinel Analytics

Lecture 24 Types of Microsoft Sentinel Analytics (Rules)

Lecture 25 What Is a Scheduled Rule in Sentinel

Lecture 26 Lab: Scheduled Rule Demo (Brute-Force Attack Example)

Lecture 27 Introduction to NRT Rules in Sentinel

Lecture 28 Lab: NRT Rule Demo

Lecture 29 Introduction to Fusion Rules in Sentinel

Lecture 30 Lab: Fusion Rule Demo

Lecture 31 Introduction to ML Behavior Analytics Rules

Lecture 32 Sentinel Incident Investigation
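To make the brute-force scenario of Lecture 26 concrete, here is an added example of the kind of KQL a scheduled analytics rule would run. It is not course material. It assumes the Windows Security Events connector from Section 4 is populating the SecurityEvent table; the lookback window, the failure threshold and the excluded loopback addresses are assumptions to tune for your environment.

```kql
// Added example (not from the course): scheduled analytics rule query for a
// password brute-force against Windows hosts. Assumes the Windows Security
// Events connector populates the SecurityEvent table. Lookback and threshold
// are assumptions; tune them and set the rule's "Lookup data from the last"
// to at least the lookback value.
let lookback = 1h;
let threshold = 10;
// Sources with many failed logons (Event ID 4625) against a host.
let failed =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625
    | where isnotempty(IpAddress) and IpAddress !in ("-", "::1", "127.0.0.1")
    | summarize FailedCount = count(),
                FirstFailed = min(TimeGenerated),
                LastFailed = max(TimeGenerated),
                TargetAccounts = make_set(TargetUserName, 25)
        by Computer, IpAddress
    | where FailedCount >= threshold;
// Successful network or RDP logons (Event ID 4624, logon types 3 and 10)
// from the same host/source pair.
let succeeded =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4624
    | where LogonType in (3, 10)
    | project Computer, IpAddress, SuccessTime = TimeGenerated, SuccessAccount = TargetUserName;
failed
| join kind=leftouter succeeded on Computer, IpAddress
// Keep sources that never succeeded, or whose success came after the failure burst;
// the second case is the one worth paging someone for.
| where isnull(SuccessTime) or SuccessTime > LastFailed
| extend Outcome = iff(isnull(SuccessTime), "FailedOnly", "SucceededAfterFailures")
| project Computer, IpAddress, FailedCount, FirstFailed, LastFailed, TargetAccounts,
          Outcome, SuccessAccount, SuccessTime
```

In the rule wizard, map the Host entity to Computer, the IP entity to IpAddress and the Account entity to SuccessAccount, and set the rule's severity higher for the SucceededAfterFailures outcome (two rules, or one rule with Outcome in the alert description). The same failed-logon aggregation, summarized by bin(TimeGenerated, 5m) instead of by source, is what a workbook time chart of brute-force attempts is built from.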

Section 6: Threat Hunting

Lecture 33 What Is Threat Hunting & the Importance of Threat Hunting

Lecture 34 Threat Hunting Scenario: Detecting Impossible Travel Activity

Lecture 35 Microsoft Entra ID Integration in Sentinel: Unlocking Impossible Travel Detection

Lecture 36 Simulating and Hunting Impossible Travel Activity in MS Sentinel Using KQL
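As an added example for the impossible-travel hunt in Lectures 34 to 36 (not the course's own query), the KQL below compares each successful Microsoft Entra ID sign-in with the same user's previous one and flags pairs whose implied travel speed is physically implausible. It assumes the Entra ID connector from Lecture 35 is populating the SigninLogs table; the lookback, the speed ceiling and the minimum distance are assumptions to tune.

```kql
// Added example (not from the course): hunting query for impossible travel in
// Microsoft Entra ID sign-ins. Assumes the Entra ID connector populates the
// SigninLogs table. The lookback, speed ceiling and minimum distance are
// assumptions to tune; geo-IP for VPN and cloud egress addresses is a common
// source of false positives, so exclude known corporate egress ranges.
let lookback = 24h;
let max_speed_kmh = 900.0;   // faster than a commercial flight is implausible
let min_distance_km = 100.0; // ignore geo-IP jitter inside one metro area
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType == "0"    // successful sign-ins only
| extend Latitude  = todouble(LocationDetails.geoCoordinates.latitude),
         Longitude = todouble(LocationDetails.geoCoordinates.longitude),
         Country   = tostring(LocationDetails.countryOrRegion),
         City      = tostring(LocationDetails.city)
| where isnotnull(Latitude) and isnotnull(Longitude)
| project TimeGenerated, UserPrincipalName, IPAddress, Country, City, Latitude, Longitude, AppDisplayName
// Order per user so prev() compares each sign-in with that user's previous one.
| sort by UserPrincipalName asc, TimeGenerated asc
| extend PrevTime = prev(TimeGenerated), PrevUser = prev(UserPrincipalName),
         PrevIP = prev(IPAddress), PrevCountry = prev(Country), PrevCity = prev(City),
         PrevLat = prev(Latitude), PrevLon = prev(Longitude)
| where PrevUser == UserPrincipalName and IPAddress != PrevIP
// geo_distance_2points returns metres; convert to km and derive the implied speed.
| extend DistanceKm = geo_distance_2points(PrevLon, PrevLat, Longitude, Latitude) / 1000.0,
         Hours = (TimeGenerated - PrevTime) / 1h
| where DistanceKm >= min_distance_km
// Two distant sign-ins in the same second give an infinite speed and are kept.
| extend SpeedKmh = iff(Hours > 0, DistanceKm / Hours, real(+inf))
| where SpeedKmh > max_speed_kmh
| project UserPrincipalName, PrevTime, PrevIP, PrevCountry, PrevCity,
          TimeGenerated, IPAddress, Country, City,
          DistanceKm = round(DistanceKm), Hours = round(Hours, 2), SpeedKmh = round(SpeedKmh),
          AppDisplayName
```

Run it from the Logs blade or save it as a hunting query. To simulate the scenario as Lecture 36 does, sign in to the same account through two VPN egress points in different countries a few minutes apart and confirm the pair appears; then add a watchlist or an IPAddress exclusion for your legitimate VPN ranges before promoting the logic to a scheduled rule.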

Section 7: Threat Intelligence

Lecture 37 What Is Threat Intelligence

Lecture 38 Real-Life Example of Threat Intel

Lecture 39 Key Components of CTI: Direction

Lecture 40 Key Components of CTI: Collection

Lecture 41 Key Components of CTI: Processing

Lecture 42 Key Components of CTI: Analysis

Lecture 43 Key Components of CTI: Dissemination

Lecture 44 Manually Adding Indicators of Compromise (IOCs) in Microsoft Sentinel

Lecture 45 Hands-On Lab: Feeding Sentinel with Microsoft Defender Threat Intelligence

Section 8: Building Automation Workflows: Playbooks & Logic Apps in Sentinel

Lecture 46 Introduction to Playbooks in Microsoft Sentinel

Lecture 47 Understanding Logic Apps in Microsoft Sentinel

Lecture 48 Hands-On: Creating Automation Rules in Microsoft Sentinel

Lecture 49 Hands-On: Creating Your First Playbook in Microsoft Sentinel

Lecture 50 Hands-On: Building Playbooks with Azure Logic Apps in Microsoft Sentinel

Section 9: Workbooks 101: Visualizing Security Data in Sentinel

Lecture 51 Getting Started with Workbooks in Microsoft Sentinel

Lecture 52 Breaking Down Workbook Components in Sentinel

Lecture 53 Hands-On: Creating Your First Workbook in Microsoft Sentinel

Lecture 54 Hands-On: Create a Workbook for Security Alerts (Last 24 Hours)

Lecture 55 Hands-On: Visualizing Brute-Force Attack Attempts in Azure Workbooks

This course is ideal for anyone looking to build hands-on expertise in Microsoft Sentinel and modern, cloud-native SIEM operations:

SOC Analysts who want to level up their detection, investigation, and automation skills

Cybersecurity professionals exploring cloud-native SIEM solutions

Azure and Cloud Engineers interested in integrating security monitoring within Azure

IT and Security Operations teams aiming to shift from traditional SIEM to cloud-based tools

Anyone preparing for roles in threat detection, threat hunting, or incident response