TOPICS COVERED, INCLUDING HANDS-ON LECTURES AND PRACTICE TUTORIALS:
Introduction
- Welcome to the course
- Understanding the Microsoft Environment
- Foundations of Active Directory Domains
- Foundations of RAS, DMZ, and Virtualization
- Foundations of the Microsoft Cloud Services
- DON'T SKIP: The first thing to know about Microsoft cloud services
- DON'T SKIP: Azure AD is now renamed to Entra ID
- Questions for John Christopher
- Order of concepts covered in the course
Performing hands-on activities
- DON'T SKIP: Using Assignments in the course
- Creating a free Microsoft 365 Account
- Activating licenses for Defender for Endpoint and Vulnerabilities
- Getting your free Azure credit
Configure settings in Microsoft Defender XDR
- Introduction to Microsoft 365 Defender
- Concepts and purpose of extended detection and response (XDR)
- Microsoft Defender and Microsoft Purview admin centers
- Concepts of Microsoft Sentinel
- Concepts of management with Microsoft Defender for Endpoint
Manage assets and environments
- Set up a Windows 11 virtual machine endpoint
- Enrolling in Intune for attack surface reduction (ASR) support
- Onboarding to manage devices using Defender for Endpoint
- A note about extra features in your Defender for Endpoint
- Incidents, alert notifications, and advanced features for endpoints
- Review and respond to endpoint vulnerabilities
- Recommend attack surface reduction (ASR) for devices
- Configure and manage device groups
- Overview of Microsoft Defender for Cloud
- Identify devices at risk using Microsoft Defender Vulnerability Management
- Manage endpoint threat indicators
- Identify unmanaged devices by using device discovery
Design and configure a Microsoft Sentinel workspace
- Plan a Microsoft Sentinel workspace
- Configure Microsoft Sentinel roles
- Design and configure Microsoft Sentinel data storage, log types and log retention
Ingest data sources in Microsoft Sentinel
- Identify data sources to be ingested for Microsoft Sentinel
- Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
- Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
- Design and configure Syslog and Common Event Format (CEF) event collections
- Design and configure Windows security event collections
- Configure threat intelligence connectors
- Create custom log tables in the workspace to store ingested data
Configure protections in Microsoft Defender security technologies
- Plan and configure Microsoft Defender for Cloud settings
- Configure Microsoft Defender for Cloud roles
- Assess and recommend cloud workload protection and enable plans
- Configure automated onboarding of Azure resources
- Connect multi-cloud resources by using Environment settings
Configure detection in Microsoft Defender XDR
- Set up a simulation lab using Microsoft 365 Defender
- Run an attack against a device in the simulation lab
- Manage incidents & automated investigations in the Microsoft 365 Defender portal
- Run an attack simulation email campaign in Microsoft 365 Defender
- Manage actions and submissions in the Microsoft 365 Defender portal
- Identify threats by using Kusto Query Language (KQL)
- Identify and remediate security risks by using Microsoft Secure Score
- Analyze threat analytics in the Microsoft 365 Defender portal
- Configure and manage custom detections and alerts
Configure detections in Microsoft Sentinel
- Concepts of Microsoft Sentinel analytics rules
- Configure the Fusion rule
- Configure Microsoft security analytics rules
- Configure built-in scheduled query rules
- Configure custom scheduled query rules
- Configure near-real-time (NRT) analytics rules
- Manage analytics rules from Content hub
- Manage and use watchlists
- Manage and use threat indicators
Respond to alerts and incidents in Microsoft Defender XDR
- Using policies to remediate threats in Email, Teams, SharePoint & OneDrive
- Investigate, respond, and remediate threats with Defender for Office 365
- Understanding data loss prevention (DLP) in Microsoft 365 Defender
- Implement data loss prevention policies (DLP) to respond and alert
- Investigate & respond to alerts generated by data loss prevention (DLP) policies
- Understanding insider risk policies
- Generating an insider risk policy
- Investigate and respond to alerts generated by insider risk policies
- Discover and manage apps by using Microsoft Defender for Cloud Apps
- Identify, investigate, & remediate security risks by using Defender for Cloud Apps
Respond to alerts and incidents identified by Microsoft Defender for Endpoint
- Configure User and Entity Behavior Analytics settings
- Investigate threats by using entity pages
- Configure anomaly detection analytics rules
Enrich investigations by using other Microsoft tools
- Understanding unified audit log licensing and requirements
- Setting unified audit permissions and enabling support
- Perform threat hunting by using unified audit log
- Perform threat hunting by using Content Search
Manage incidents in Microsoft Sentinel
- Configure incident generation
- Triage incidents in Microsoft Sentinel
- Investigate incidents in Microsoft Sentinel
- Respond to incidents in Microsoft Sentinel
- Investigate multi-workspace incidents
Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel
- Create and configure automation rules
- Create and configure Microsoft Sentinel playbooks
- Configure analytic rules to trigger automation rules
- Trigger playbooks from alerts and incidents
Hunt for threats by using KQL
- Identify threats by using Kusto Query Language (KQL)
- Interpret threat analytics in the Microsoft Defender portal
- Create custom hunting queries by using KQL
Hunt for threats by using Microsoft Sentinel
- Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
- Customize content gallery hunting queries
- Create custom hunting queries
- Use hunting bookmarks for data investigations
- Monitor hunting queries by using Livestream
- Retrieve and manage archived log data
- Create and manage search jobs
Respond to alerts and incidents in Microsoft Defender for Cloud
- Set up email notifications
- Create and manage alert suppression rules
- Design and configure workflow automation in Microsoft Defender for Cloud
- Generate sample alerts and incidents in Microsoft Defender for Cloud
- Remediate alerts and incidents by using MS Defender for Cloud recommendations
- Manage security alerts and incidents
- Analyze Microsoft Defender for Cloud threat intelligence reports
Analyze and interpret data by using workbooks
- Activate and customize Microsoft Sentinel workbook templates
- Create custom workbooks
- Configure advanced visualizations
Conclusion
- Cleaning up your lab environment
- Getting a Udemy certificate
- BONUS Where do I go from here?
HOMEPAGE: https://www.udemy.com/course/microsoft-security-operations-analyst-course-sims/