SC-200: Connect logs to Microsoft Sentinel
- Offered by Microsoft
SC-200: Connect logs to Microsoft Sentinel at Microsoft Overview
Duration | 3 hours |
Total fee | Free |
Mode of learning | Online |
Schedule type | Self paced |
Difficulty level | Intermediate |
Credential | Certificate |
SC-200: Connect logs to Microsoft Sentinel at Microsoft Course details
- Learn about the configuration options and data provided by Microsoft Sentinel connectors for Microsoft 365 Defender
- Learn how Microsoft Sentinel makes connecting Windows hosts easy with the Security Events connector
- Learn about the Common Event Format (CEF) connector's configuration options
- Learn about the Syslog connector's configuration options, which will enable you to parse Syslog data
- Learn how to connect Threat Intelligence Indicators to the Microsoft Sentinel workspace using the provided data connectors
- Connect data to Microsoft Sentinel at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds
- This learning path aligns with exam SC-200: Microsoft Security Operations Analyst
- The primary approach to connecting log data is to use the data connectors provided by Microsoft Sentinel
SC-200: Connect logs to Microsoft Sentinel at Microsoft Curriculum
Connect data to Microsoft Sentinel using data connectors
Introduction
Ingest log data with data connectors
Understand data connector providers
View connected hosts
Knowledge check
Summary and resources
Connect Microsoft services to Microsoft Sentinel
Introduction
Plan for Microsoft services connectors
Connect the Microsoft Office 365 connector
Connect the Azure Active Directory connector
Connect the Azure Active Directory identity protection connector
Connect the Azure Activity connector
Knowledge check
Summary and resources
Connect Microsoft 365 Defender to Microsoft Sentinel
Introduction
Plan for Microsoft 365 Defender connectors
Connect the Microsoft 365 Defender connector
Connect Microsoft Defender for Cloud connector
Connect Microsoft Defender for IoT
Connect Microsoft Defender legacy connectors
Knowledge check
Summary and resources
Connect Windows hosts to Microsoft Sentinel
Introduction
Plan for Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs
Knowledge check
Summary and resources
Connect Common Event Format logs to Microsoft Sentinel
Introduction
Plan for Common Event Format connector
Connect your external solution using the Common Event Format connector
Knowledge check
Summary and resources
Connect syslog data sources to Microsoft Sentinel
Introduction
Plan for the syslog connector
Collect data from Linux-based sources using syslog
Configure the log analytics agent
Parse syslog data with KQL
Knowledge check
Summary and resources
Connect threat indicators to Microsoft Sentinel
Introduction
Plan for threat intelligence connectors
Connect the threat intelligence TAXII connector
Connect the threat intelligence platforms connector
View your threat indicators with KQL
Knowledge check
Summary and resources