SC-200: Create detections and perform investigations using Microsoft Sentinel
- Offered by Microsoft
SC-200: Create detections and perform investigations using Microsoft Sentinel at Microsoft Overview

| Attribute | Value |
| --- | --- |
| Duration | 6 hours |
| Total fee | Free |
| Mode of learning | Online |
| Schedule type | Self paced |
| Difficulty level | Intermediate |
| Credential | Certificate |
SC-200: Create detections and perform investigations using Microsoft Sentinel at Microsoft Course details
- Learn how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization
- Learn how to use ASIM parsers to identify threats inside your organization
- Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel
- Learn how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks
- By the end of this program, you'll be able to use automation rules in Microsoft Sentinel to automate incident management
- Learn how to create Microsoft Sentinel playbooks to respond to security threats
SC-200: Create detections and perform investigations using Microsoft Sentinel at Microsoft Curriculum
- Threat detection with Microsoft Sentinel analytics
  - Introduction
  - Exercise - Detect threats with Microsoft Sentinel analytics
  - What is Microsoft Sentinel Analytics?
  - Types of analytics rules
  - Create an analytics rule from templates
  - Create an analytics rule from wizard
  - Manage analytics rules
  - Exercise - Detect threats with Microsoft Sentinel analytics
  - Summary
- Automation in Microsoft Sentinel
  - Introduction
  - Understand automation options
  - Create automation rules
  - Knowledge check
  - Summary and resources
- Threat response with Microsoft Sentinel playbooks
  - Introduction
  - Exercise - Create a Microsoft Sentinel playbook
  - What are Microsoft Sentinel playbooks?
  - Trigger a playbook in real-time
  - Run playbooks on demand
  - Exercise - Create a Microsoft Sentinel playbook
  - Summary
- Security incident management in Microsoft Sentinel
  - Introduction
  - Exercise setup
  - Describe incident management
  - Understand evidence and entities
  - Manage incidents
  - Exercise - Investigate an incident
  - Summary
- Identify threats with Behavioral Analytics
  - Introduction
  - Understand behavioral analytics
  - Explore entities
  - Display entity behavior information
  - Use Anomaly detection analytical rule templates
  - Knowledge check
  - Summary and resources
- Data normalization in Microsoft Sentinel
  - Introduction
  - Understand data normalization
  - Use ASIM Parsers
  - Understand parameterized KQL functions
  - Create an ASIM Parser
  - Configure Azure Monitor Data Collection Rules
  - Knowledge check
  - Summary and resources
- Query, visualize, and monitor data in Microsoft Sentinel
  - Introduction
  - Exercise - Query and visualize data with Microsoft Sentinel Workbooks
  - Monitor and visualize data
  - Query data using Kusto Query Language
  - Use default Microsoft Sentinel Workbooks
  - Create a new Microsoft Sentinel Workbook
  - Exercise - Visualize data using Microsoft Sentinel Workbooks
  - Summary
- Manage content in Microsoft Sentinel
  - Introduction
  - Use solutions from the content hub
  - Use repositories for deployment
  - Knowledge check
  - Summary and resources