APL 5001: Configure SIEM security operations using Microsoft Sentinel
- Offered byMicrosoft
APL 5001: Configure SIEM security operations using Microsoft Sentinel at Microsoft Overview
Duration | 3 hours |
Total fee | Free |
Mode of learning | Online |
Schedule type | Self paced |
Difficulty level | Intermediate |
Official Website | Explore Free Course  |
Credential | Certificate |
APL 5001: Configure SIEM security operations using Microsoft Sentinel at Microsoft Highlights
- Earn a certificate of completion
APL 5001: Configure SIEM security operations using Microsoft Sentinel at Microsoft Course details
- Create and manage Microsoft Sentinel workspaces
- Connect Microsoft services to Microsoft Sentinel
- Connect Windows hosts to Microsoft Sentinel
- Threat detection with Microsoft Sentinel analytics
- Threat response with Microsoft Sentinel playbooks
- Get started with Microsoft Sentinel security operations by configuring the Microsoft Sentinel workspace, connecting Microsoft services and Windows security events to Microsoft Sentinel, configuring Microsoft Sentinel analytics rules, and responding to threats with automated responses.
APL 5001: Configure SIEM security operations using Microsoft Sentinel at Microsoft Curriculum
Create and manage Microsoft Sentinel workspaces
Introduction
Plan for the Microsoft Sentinel workspace
Create a Microsoft Sentinel workspace
Manage workspaces across tenants using Azure Lighthouse
Understand Microsoft Sentinel permissions and roles
Manage Microsoft Sentinel settings
Configure logs
Knowledge check
Summary and resources
Connect Microsoft services to Microsoft Sentinel
Introduction
Plan for Microsoft services connectors
Connect the Microsoft Office 365 connector
Connect the Azure Active Directory connector
Connect the Azure Active Directory identity protection connector
Connect the Azure Activity connector
Knowledge check
Summary and resources
Connect Windows hosts to Microsoft Sentinel
Introduction
Plan for Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs
Knowledge check
Summary and resources
Threat detection with Microsoft Sentinel analytics
Introduction
Exercise - Detect threats with Microsoft Sentinel analytics
What is Microsoft Sentinel Analytics?
Types of analytics rules
Create an analytics rule from templates
Create an analytics rule from wizard
Manage analytics rules
Exercise - Detect threats with Microsoft Sentinel analytics
Summary
Threat response with Microsoft Sentinel playbooks
Introduction
Exercise - Create a Microsoft Sentinel playbook
What are Microsoft Sentinel playbooks?
Trigger a playbook in real-time
Run playbooks on demand
Exercise - Create a Microsoft Sentinel playbook
Summary
APL 5001: Configure SIEM security operations using Microsoft Sentinel at Microsoft Entry Requirements
- Fundamental understanding of Microsoft AzureBasic understanding of Microsoft SentinelExperience using Kusto Query Language (KQL) in Microsoft Sentinel
- Not mentioned
Other courses offered by Microsoft
Student Forum
Anything you would want to ask experts?
TechnologyNetworking and HardwareNetworkingAPL 5001: Configure SIEM security operations using Microsoft Sentinel