Booking options
£41.99
On-Demand course
13 hours 1 minute
All levels
A carefully structured course loaded with lab exercises that will help you learn how to implement the Microsoft Defender for Endpoint platform the right way. The course's learning path aligns with the SC-200: Microsoft Security Operations Analyst Exam.
The Microsoft security operations analyst works with organizational stakeholders to secure the organization's information technology systems. Their mission is to reduce corporate risk by quickly resolving active attacks in the environment, advising on threat protection practices, and reporting policy violations to the proper stakeholders. Their responsibilities include threat management, monitoring, and response using a variety of security technologies across the environment. Using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security tools, the role primarily investigates, responds to, and hunts for threats. The security operations analyst is a key stakeholder in the configuration and implementation of these technologies, as they consume the operational output of these solutions. This course starts with mitigating threats using Microsoft 365 Defender (module 1), then moves on to module 2, mitigating threats using Microsoft Defender for Endpoint, and module 3, mitigating threats using Azure Defender. Module 4 covers creating queries for Azure Sentinel using Kusto Query Language, and module 5 covers configuring the Microsoft Sentinel environment. Module 6 covers connecting logs to the Microsoft Sentinel environment, and module 7 covers incidents, threat response, UEBA, and monitoring in Microsoft Sentinel. The course wraps up with module 8, performing threat hunting with Microsoft Sentinel. By the end of the course, you will have the knowledge and confidence needed to pass the SC-200: Microsoft Security Operations Analyst Exam. All resources for this course are available at: https://github.com/PacktPublishing/SC-200-Microsoft-Security-Operations-Analyst
Define the capabilities of Microsoft Defender for Endpoint
Understand how to hunt threats within your network
Create a Microsoft Defender for Endpoint environment
Configure Microsoft Defender for Endpoint environment settings
Manage indicators in Microsoft Defender for Endpoint
Construct KQL statements
This course is for participants preparing for the SC-200 certification. It is designed for everyone who aspires to work in a modern SOC environment and for anyone who wants to learn the M365 Defender suite of services.
A basic understanding of Microsoft 365 and foundational knowledge of computer networking will be beneficial.
This course teaches you the material the right way, with a large number of well-chosen lab exercises. The course is designed and mapped exactly to the latest pattern and structure of the SC-200: Microsoft Security Operations Analyst Exam.
Identify vulnerabilities on your devices with Microsoft Defender for Endpoint
Explain how Microsoft Defender for Endpoint can remediate risks in your environment
Describe threat and vulnerability management in Microsoft Defender for Endpoint
https://github.com/PacktPublishing/SC-200-Microsoft-Security-Operations-Analyst
Anand Rao Nednur is a senior technical instructor and cloud consultant. He has worked with large enterprises for about 15 years and has a wide range of technologies in his portfolio. Anand is adept not only at cloud platforms (Azure, AWS, and GCP) but is also well-versed in IAM, security, and automation with PowerShell and Python.
In addition, he has been developing and updating the content for various courses, and he has assisted many engineers with lab examinations and in securing certifications.
Anand is a seasoned professional holding several certifications and has delivered instructor-led training in several states in India as well as in countries such as the USA, Bahrain, Kenya, and the UAE. He has worked as a Microsoft Certified Trainer globally for major corporate clients.
1. Introduction
1. The Need for SOC Team This video explains the need for a SOC team.
2. SC-200 - Microsoft Security Operations Analyst - Course Introduction This video introduces you to the course.
3. SC-200 - Microsoft Security Operations Analyst - Recent Update This video introduces you to the recent update made to the course.
2. Module 1 - Mitigate Threats Using Microsoft 365 Defender
1. Module 1 - Learning Objectives This video explains the learning objectives of module 1.
2. Introduction to Threat Protection This video introduces you to threat protection.
3. Microsoft 365 Defender Suite This video explains the Microsoft 365 Defender suite.
4. Typical Timeline of an Attack This video explains the typical timeline of an attack.
5. Microsoft 365 Defender - Interactive Demonstration This video is an interactive demonstration of Microsoft 365 Defender.
6. Mitigate Incidents Using Microsoft 365 Defender - Chapter Introduction This video introduces the chapter on mitigating incidents using Microsoft 365 Defender.
7. How to Create Your Playground - Lab Environment This video explains how to set up the lab environment.
8. Microsoft 365 Defender Portal - Introduction This video introduces the Microsoft 365 Defender portal.
9. Managing Incidents This video explains managing incidents.
10. More about Incidents This video explains more about incidents.
11. Simulate Incidents - Tor Browser This video simulates an incident using the Tor browser.
12. Managing Incidents This video explains managing incidents.
13. Managing Alerts This video explains managing alerts.
14. Investigating Incidents - MITRE ATT&CK This video explains investigating incidents with MITRE ATT&CK.
15. Advanced Hunting This video explains advanced hunting.
16. Advanced Hunting Schema This video explains the advanced hunting schema.
17. Exploring the Kusto Queries This video explores Kusto queries.
18. Microsoft Threat Experts This video explains Microsoft Threat Experts.
19. Microsoft Defender for Office 365 - Chapter Introduction This video introduces the chapter on Microsoft Defender for Office 365.
20. Microsoft Defender for Office 365 - Key Capabilities This video explains the key capabilities of Microsoft Defender for Office 365.
21. Microsoft Defender for Office 365 - Key Capabilities - II This video continues with the key capabilities of Microsoft Defender for Office 365.
22. Safeguard Your Organization - M365 Defender for O365 - Lab I This video is the first lab on safeguarding your organization with M365 Defender for O365.
23. Safeguard Your Organization - M365 Defender for O365 - Lab II This video is the second lab on safeguarding your organization with M365 Defender for O365.
24. Attack Simulation - Lab Activity This video demonstrates attack simulation.
25. Microsoft Defender for Identity - Introduction This video introduces Microsoft Defender for Identity.
26. What Is Microsoft Defender for Identity This video explains Microsoft Defender for Identity.
27. Microsoft Defender for Identity - Key Capabilities This video explains the key capabilities of Microsoft Defender for Identity.
28. Installing Sensors on Domain Controller - 1 This video explains installing sensors on a domain controller (part 1).
29. Installing Sensors on Domain Controller - 2 This video explains installing sensors on a domain controller (part 2).
30. Capturing Lateral Movements This video explains capturing lateral movements.
31. Threat Hunting Lab This video is a threat hunting lab.
32. Microsoft Defender for Identity Sensors - Architecture This video explains the architecture of Microsoft Defender for Identity sensors.
33. Protect Your Identities with Azure AD Identity Protection - Introduction This video introduces protecting your identities with Azure AD Identity Protection.
34. User Risks and Sign-In Risks This video explains user risks and sign-in risks.
35. User Risk Policy and Sign-In Risk Policy - Lab Activity This video is a lab activity on user risk policy and sign-in risk policy.
36. Cloud App Security - Introduction This video introduces Cloud App Security.
37. The Cloud App Security Framework This video explains the Cloud App Security framework.
38. Conditional Access App Controls This video explains conditional access app controls.
39. What Is Information Protection? This video explains information protection.
40. Insider Risk Management - Enable Auditing This video explains enabling auditing for insider risk management.
41. Phases of Cloud App Security This video explains the phases of Cloud App Security.
42. Cloud App Security Phases - Lab Activity This video is a lab activity on the Cloud App Security phases.
43. Data Loss Prevention - Chapter Introduction This video introduces the chapter on data loss prevention.
44. DLP Alerts This video explains DLP alerts.
45. Create Policies for DLP in Compliance Portal This video explains how to create DLP policies in the compliance portal.
46. Insider Risk Management This video explains insider risk management.
47. What Is Insider Risk This video explains insider risk.
48. Pain Points of a Modern Workplace This video explains the pain points of a modern workplace.
49. Insider Risk Management with M365 Defender This video explains insider risk management with M365 Defender.
50. Insider Risk Management - Permissions This video explains the permissions for insider risk management.
51. Module 1 - Summary This video summarizes module 1.
3. Module 2 - Mitigate Threats Using Microsoft Defender for Endpoint
1. Module 2 - Introduction This video introduces you to module 2.
2. Defender for Endpoint - Features This video explains the features of Defender for Endpoint.
3. Defender for Endpoint - Terminology This video explains Defender for Endpoint terminology.
4. Onboarding Devices to Defender This video explains onboarding devices to Defender.
5. Windows 10 Security Enhancements - Chapter Introduction This video introduces the chapter on Windows 10 security enhancements.
6. Attack Surface Reduction Rules This video explains attack surface reduction rules.
7. Attack Surface Rules This video explains attack surface rules.
8. Device Inventory This video explains device inventory.
9. Device Investigation - Alerts This video explains device investigation using alerts.
10. Behavioral Blocking This video explains behavioral blocking.
11. Client Behavioral Blocking This video explains client behavioral blocking.
12. EDR - Block Mode This video explains EDR in block mode.
13. EDR - Block Mode - Lab Activity This video is a lab activity on EDR in block mode.
14. Performing Actions on the Device This video explains performing actions on the device.
15. Live Response This video explains live response.
16. Perform Evidence and Entities Investigations This video explains how to perform evidence and entity investigations.
17. User Investigations This video explains user investigations.
18. Advanced Automated Remediation Features - Endpoint This video explains the advanced automated remediation features for endpoints.
19. Managing File Uploads This video explains managing file uploads.
20. Automation Folder Exclusion This video explains automation folder exclusions.
21. File Level Investigation This video explains file-level investigation.
22. Automating Device Group Remediation This video explains automating device group remediation.
23. Blocking Risky Devices Using Intune, Defender, and Azure AD This video explains blocking risky devices using Intune, Defender, and Azure AD.
24. Configure Alerts and Detections - Chapter Introduction This video introduces the chapter on configuring alerts and detections.
25. Configuring Advanced Features This video explains configuring advanced features.
26. Configuring Email Notifications This video explains configuring email notifications.
27. Indicators of Compromise This video explains indicators of compromise.
28. Threat and Vulnerability Management - Chapter Introduction This video introduces the chapter on threat and vulnerability management.
29. Threat and Vulnerability Management - Explanation This video explains threat and vulnerability management.
30. Module 2 - Summary This video summarizes module 2.
4. Module 3 - Mitigate Threats Using Microsoft Defender for Cloud
1. Module 3 - Introduction This video introduces you to module 3.
2. What Is Azure Security Center This video explains Azure Security Center.
3. Microsoft Defender for Cloud - Features This video explains the features of Microsoft Defender for Cloud.
4. Azure Defender for Cloud - Lab Activity This video is a lab activity on Azure Defender for Cloud.
5. CSPM and CWP This video explains CSPM and CWP.
6. Which Resources Are Protected Using Microsoft Defender This video explains which resources are protected using Microsoft Defender.
7. Benefits of Azure Defender for Servers This video explains the benefits of Azure Defender for Servers.
8. Defender for App Services This video explains Defender for App Services.
9. Defender for App Services - Lab This video is a lab on Defender for App Services.
10. Defender for Storage - Lab This video is a lab on Defender for Storage.
11. Defender for SQL - Lab This video is a lab on Defender for SQL.
12. Defender for Key Vault This video explains Defender for Key Vault.
13. Defender for DNS This video explains Defender for DNS.
14. Defender for Kubernetes This video explains Defender for Kubernetes.
15. Defender for Container Registry This video explains Defender for Container Registry.
16. Connect Azure Assets to Azure Defender - Chapter Introduction This video introduces the chapter on connecting Azure assets to Azure Defender.
17. Asset Inventory - Lab This video is a lab on asset inventory.
18. Auto-Provisioning This video explains auto-provisioning.
19. Stored Event Types This video explains stored event types.
20. Manual Provisioning This video explains manual provisioning.
21. Connect Non-Azure Resources to Defender This video explains connecting non-Azure resources to Defender.
22. Onboarding Methods This video explains onboarding methods.
23. Onboard GCP Instance to Azure Arc This video explains onboarding a GCP instance to Azure Arc.
24. Onboarding AWS Services to Defender for Cloud This video explains onboarding AWS services to Defender for Cloud.
25. Remediating Security Alerts - Chapter Introduction This video introduces the chapter on remediating security alerts.
26. Changing World and Attackers This video explains the changing world and attackers.
27. What Are Security Alerts and Notifications This video explains security alerts and notifications.
28. How Does a Defender Work? This video explains how Defender works.
29. Alert Severity Level This video explains alert severity levels.
30. Continuous Monitoring and Assessments This video explains continuous monitoring and assessments.
31. MITRE ATT&CK Tactics and Alert Types This video explains MITRE ATT&CK tactics and alert types.
32. Remediating Alerts This video explains remediating alerts.
33. Automated Responses This video explains automated responses.
34. Alert Suppression This video explains alert suppression.
35. Module 3 - Summary This video summarizes module 3.
5. Module 4 - Create Queries for Microsoft Sentinel Using Kusto Query Language
1. Module 4 - Introduction This video introduces you to module 4.
2. The Constructs of the KQL Language This video explains the constructs of the KQL language.
3. The Lab Environment This video explains the lab environment.
4. Declaring Variables with Let This video explains declaring variables with let.
5. Search and Where Operators This video explains the search and where operators.
6. Extend Operator This video explains the extend operator.
7. Order by Usage This video explains using order by.
8. Project Operator This video explains the project operator.
9. Summarize, Count, and DCount Functions This video explains summarize, count, and dcount.
10. Arg_Max and Arg_Min Functions This video explains the arg_max and arg_min functions.
11. Make_List and Make_Set Functions This video explains the make_list and make_set functions.
12. Render Operator This video explains the render operator.
13. Bin Function This video explains the bin function.
14. Union Operator This video explains the union operator.
15. Module 4 Summary This video summarizes module 4.
6. Module 5 - Microsoft Sentinel Environment - Configuration
1. What Is a SIEM Solution This video explains what a SIEM solution is.
2. What Is Microsoft Sentinel This video explains Microsoft Sentinel.
3. Microsoft Sentinel - Components This video explains the components of Microsoft Sentinel.
4. Data Connectors This video explains data connectors.
5. Log Retention This video explains log retention.
6. Workbooks This video explains workbooks.
7. Analytics Alerts This video explains analytics alerts.
8. Threat Hunting This video explains threat hunting.
9. Incidents and Investigations This video explains incidents and investigations.
10. Automation Playbooks This video explains automation playbooks.
11. Creating Azure Sentinel Workspace This video explains creating an Azure Sentinel workspace.
12. Azure Sentinel - RBAC This video explains Azure Sentinel RBAC.
13. Data Connectors This video explains data connectors.
14. Onboarding Windows Host to Sentinel This video explains onboarding a Windows host to Sentinel.
15. Ingesting Events to Sentinel This video explains ingesting events into Sentinel.
16. Sentinel Watchlist This video explains Sentinel watchlists.
17. Sentinel - Creating a Watchlist for Tor Nodes This video explains creating a watchlist for Tor nodes in Sentinel.
18. Sentinel - Create Hunting Query This video explains creating a hunting query in Sentinel.
19. Sentinel - Live Stream This video explains Sentinel livestream.
20. Sentinel - Capturing Traffic from Tor Exit Nodes This video explains capturing traffic from Tor exit nodes in Sentinel.
21. Sentinel - Create Analytical Rules This video explains creating analytics rules in Sentinel.
22. Analytical Rule Type - Fusion This video explains the Fusion analytics rule type.
23. Analytical Rule Types - Security Types This video explains the security analytics rule types.
24. Analytical Rule Types - ML-Based Behavioral Analytics This video explains the ML-based behavioral analytics rule type.
25. Analytical Rule Types - Anomaly, Scheduled Alerts, and NRT This video explains the anomaly, scheduled alert, and NRT rule types.
26. Creating Analytics Rules Based on Template This video explains creating analytics rules from a template.
27. Creating Analytic Rules Based on Wizard This video explains creating analytics rules using the wizard.
28. Managing the Rules This video explains managing the rules.
29. Define Threat Intelligence - CTI This video defines threat intelligence (CTI).
30. Create TI - Lab Activity This video is a lab activity on creating threat intelligence.
7. Module 6 - Microsoft Sentinel Environment - Connecting Logs
1. Module 6 Introduction This video introduces you to module 6.
2. Connect M365 Defender to Sentinel This video explains connecting M365 Defender to Sentinel.
3. Office 365 Log Connector This video explains the Office 365 log connector.
4. Azure Activity Log Connector This video explains the Azure activity log connector.
5. Azure Active Directory Identity Protection Connector This video explains the Azure Active Directory Identity Protection connector.
6. Defender for Office 365 Connector This video explains the Defender for Office 365 connector.
7. Defender for Endpoint Connector This video explains the Defender for Endpoint connector.
8. Connect Threat Indicators to Microsoft Sentinel This video explains how to connect threat indicators to Microsoft Sentinel.
8. Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA, and Monitoring
1. Module 7 Introduction This video introduces you to module 7.
2. Key Concepts of Incident Management - I This video explains the key concepts of incident management (part 1).
3. Investigations in Azure Sentinel This video explains investigations in Azure Sentinel.
4. Key Concepts of Incident Management - II This video explains the key concepts of incident management (part 2).
5. Incident Management in Microsoft Sentinel - I This video explains incident management in Microsoft Sentinel (part 1).
6. Incident Management in Microsoft Sentinel - II This video explains incident management in Microsoft Sentinel (part 2).
7. Brute Force Attack against Azure Portal - Simulation This video simulates a brute force attack against the Azure portal.
8. Threat Response with Microsoft Sentinel Playbooks - Introduction/Use Case This video introduces threat response with Microsoft Sentinel playbooks and its use case.
9. Step 1 - Creating Analytical Rule to Look for Role Membership Changes This video covers step 1: creating an analytics rule to look for role membership changes.
10. Step 2 - Integrate Log Analytics with Azure AD Audit Logs This video covers step 2: integrating Log Analytics with Azure AD audit logs.
11. Step 3 - Verify Log Analytics This video covers step 3: verifying Log Analytics.
12. Step 4 - Incident Creation in Sentinel This video covers step 4: incident creation in Sentinel.
13. Step 5 - Create Logic App to Integrate with Microsoft Teams This video covers step 5: creating a logic app to integrate with Microsoft Teams.
14. Step 6 - Edit Analytical Rule to Add Logic App - Playbooks This video covers step 6: editing the analytics rule to add the logic app as a playbook.
15. Testing the Integration This video explains testing the integration.
16. UEBA - User Entity Behavior Analytics - Introduction This video introduces User Entity Behavior Analytics (UEBA).
17. Entity Behavior Lab - I This video is the first entity behavior lab.
18. Entity Behavior Lab - II This video is the second entity behavior lab.
19. Workbooks - Introduction This video introduces workbooks.
20. Create Workbooks Using Template This video explains creating workbooks using a template.
21. Create Workbook from Scratch This video explains how to create a workbook from scratch.
9. Module 8 - Perform Threat Hunting with Microsoft Sentinel
1. Module 8 Introduction This video introduces you to module 8.
2. Cyber Security Threat Hunting This video explains cyber security threat hunting.
3. The Need for Proactive Hunting This video explains the need for proactive hunting.
4. Develop a Threat Hunting Hypothesis This video explains how to develop a threat hunting hypothesis.
5. Threat Hunting - Recap This video recaps threat hunting.
6. Notebooks - Introduction This video introduces notebooks.
7. Sentinel Notebooks - Lab Activity This video is a lab activity on Sentinel notebooks.
10. SC-200 - Microsoft Security Operations Analyst - Course Summary
1. Microsoft Security Operations Analyst - Course Summary This video wraps up the course.