SC-200: Perform threat hunting in Microsoft Sentinel

SC-200: Perform threat hunting in Microsoft Sentinel
at
Microsoft
Overview

Learn how to use notebooks in Microsoft Sentinel for advanced hunting

Skills you will learn

More about this course

Proactively hunt for security threats using the Microsoft Sentinel powerful threat hunting tools
This learning path aligns with exam SC-200: Microsoft Security Operations Analyst
In this program, you'll learn to proactively identify threat behaviors by using Microsoft Sentinel queries
In Microsoft Sentinel, you can search across long time periods in large datasets by using a search job

Explain threat hunting concepts in Microsoft Sentinel

Introduction

Understand cybersecurity threat hunts

Develop a hypothesis

Explore MITRE ATT&CK

Knowledge check

Summary and resources

Threat hunting with Microsoft Sentinel

Introduction

Exercise setup

Explore creation and management of Microsoft Sentinel threat-hunting queries

Save key findings with bookmarks

Observe threats over time with livestream

Exercise - Hunt for threats by using Microsoft Sentinel

Summary

Use Search jobs in Microsoft Sentinel

Introduction

Hunt with a Search Job

Restore historical data

Knowledge check

Summary and resources

Hunt for threats using notebooks in Microsoft Sentinel

Introduction

Access Azure Sentinel data with external tools

Hunt with notebooks

Create a notebook

Explore notebook code

Knowledge check

Summary and resources

Eligibility criteria Up Arrow Icon

Prerequisites: Ability to use KQL in Microsoft Sentinel like you could learn from learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Know how to create detections and perform investigations like you could learn from learning path SC-200: Create detections and perform investigations using Microsoft Sentinel

Conditional Offer Up Arrow Icon