SC-200T00 : Microsoft Security Operations Analyst
Learn how to investigate, respond to, and hunt for threats using Microsoft Sentinel, Microsoft Defender for Cloud, and Microsoft 365 Defender. In this course you will learn how to mitigate cyberthreats using these technologies. Specifically, you will configure and use Microsoft Sentinel as well as utilize Kusto Query Language (KQL) to perform detection, analysis, and reporting. The course was designed for people who work in a Security Operations job role and helps learners prepare for the exam SC-200: Microsoft Security Operations Analyst.
The duration of the program:
Classroom |
Live Online |
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
· MODULE Introduction to Microsoft 365 threat protection
· MODULE Mitigate incidents using Microsoft 365 Defender
· MODULE Protect your identities with Azure AD Identity Protection
· MODULE Remediate risks with Microsoft Defender for Office 365
· MODULE Safeguard your environment with Microsoft Defender for Identity
· MODULE Secure your cloud apps and services with Microsoft Defender for Cloud Apps
· MODULE Respond to data loss prevention alerts using Microsoft 365
· MODULE Manage insider risk in Microsoft Purview
· MODULE Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview Standard
· MODULE Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium)
· MODULE Investigate threats with Content search in Microsoft Purview
· MODULE Protect against threats with Microsoft Defender for Endpoint
· MODULE Deploy the Microsoft Defender for Endpoint environment
· MODULE Implement Windows security enhancements with Microsoft Defender for Endpoint
· MODULE Perform device investigations in Microsoft Defender for Endpoint
· MODULE Perform actions on a device using Microsoft Defender for Endpoint
· MODULE Perform evidence and entities investigations using Microsoft Defender for Endpoint
· MODULE Configure and manage automation using Microsoft Defender for Endpoint
· MODULE Configure for alerts and detections in Microsoft Defender for Endpoint
· MODULE Utilize Vulnerability Management in Microsoft Defender for Endpoint
· MODULE Plan for cloud workload protections using Microsoft Defender for Cloud
· MODULE Connect Azure assets to Microsoft Defender for Cloud
· MODULE Connect non-Azure resources to Microsoft Defender for Cloud
· MODULE Manage your cloud security posture management
· MODULE Explain cloud workload protections in Microsoft Defender for Cloud
· MODULE Remediate security alerts using Microsoft Defender for Cloud
· MODULE Construct KQL statements for Microsoft Sentinel
· MODULE Analyze query results using KQL
· MODULE Build multi-table statements using KQL
· MODULE Work with data in Microsoft Sentinel using Kusto Query Language
· MODULE Introduction to Microsoft Sentinel
· MODULE Create and manage Microsoft Sentinel workspaces
· MODULE Query logs in Microsoft Sentinel
· MODULE Use watchlists in Microsoft Sentinel
· MODULE Utilize threat intelligence in Microsoft Sentinel
· MODULE Connect data to Microsoft Sentinel using data connectors
· MODULE Connect Microsoft services to Microsoft Sentinel
· MODULE Connect Microsoft 365 Defender to Microsoft Sentinel
· MODULE Connect Windows hosts to Microsoft Sentinel
· MODULE Connect Common Event Format logs to Microsoft Sentinel
· MODULE Connect syslog data sources to Microsoft Sentinel
· MODULE Connect threat indicators to Microsoft Sentinel
· MODULE Threat detection with Microsoft Sentinel analytics
· MODULE Automation in Microsoft Sentinel
· MODULE Security incident management in Microsoft Sentinel
· MODULE Identify threats with Behavioral Analytics
· MODULE Data normalization in Microsoft Sentinel
· MODULE Query, visualize, and monitor data in Microsoft Sentinel
· MODULE Manage content in Microsoft Sentinel
· MODULE Explain threat hunting concepts in Microsoft Sentinel
· MODULE Threat hunting with Microsoft Sentinel
· MODULE Use Search jobs in Microsoft Sentinel
· MODULE Hunt for threats using notebooks in Microsoft Sentinel
Microsoft Certified: Security Operations Analyst Associate
The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders.
Required Exam : SC-200
· Basic understanding of Microsoft 365
· Fundamental understanding of Microsoft security, compliance, and identity products
· Intermediate understanding of Windows 10
· Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
· Familiarity with Azure virtual machines and virtual networking
· Basic understanding of scripting concepts
Location | Dates | Time (UTC+2) | Delivery Format | Language
---|---|---|---|---
Live Online* | 23,25,27,30-Sept & 2,4-Oct | 17:30-22:00 | Instructor Led | English
Live Online* | 25,27,29-Nov & 2,4,6-Dec | 17:30-22:00 | Instructor Led | Greek
* Synchronous distance learning with an instructor (Virtual Class)
Last update: 28/12/2023 (SC-200T00)