SC-200 Microsoft Security Operations Analyst Course & SIMs
Size: 7.80 GB

TOPICS COVERED INCLUDING HANDS ON LECTURE AND PRACTICE TUTORIALS:

Introduction

  • Welcome to the course
  • Understanding the Microsoft Environment
  • Foundations of Active Directory Domains
  • Foundations of RAS, DMZ, and Virtualization
  • Foundations of the Microsoft Cloud Services
  • DON'T SKIP: The first thing to know about Microsoft cloud services
  • DON'T SKIP: Azure AD is now renamed to Entra ID
  • Questions for John Christopher
  • Order of concepts covered in the course

Performing hands on activities

  • DON'T SKIP: Using Assignments in the course
  • Creating a free Microsoft 365 Account
  • Activating licenses for Defender for Endpoint and Vulnerabilities
  • Getting your free Azure credit

Configure settings in Microsoft Defender XDR

  • Introduction to Microsoft 365 Defender
  • Concepts of the purpose of extended detection and response (XDR)
  • Microsoft Defender and Microsoft Purview admin centers
  • Concepts of Microsoft Sentinel
  • Concepts of management with Microsoft Defender for Endpoint

Manage assets and environments

  • Set up a Windows 11 virtual machine endpoint
  • Enrolling in Intune for attack surface reduction (ASR) support
  • Onboarding to manage devices using Defender for Endpoint
  • A note about extra features in your Defender for Endpoint
  • Incidents, alert notifications, and advanced features for endpoints
  • Review and respond to endpoint vulnerabilities
  • Recommend attack surface reduction (ASR) for devices
  • Configure and manage device groups
  • Overview of Microsoft Defender for Cloud
  • Identify devices at risk using Microsoft Defender Vulnerability Management
  • Manage endpoint threat indicators
  • Identify unmanaged devices by using device discovery

Design and configure a Microsoft Sentinel workspace

  • Plan a Microsoft Sentinel workspace
  • Configure Microsoft Sentinel roles
  • Design and configure Microsoft Sentinel data storage, log types and log retention

Ingest data sources in Microsoft Sentinel

  • Identify data sources to be ingested for Microsoft Sentinel
  • Configure and use MS Sentinel connectors, Azure Policy & diagnostic settings
  • Configure Microsoft Sentinel connectors for MS 365 Defender & Defender for Cloud
  • Design and configure Syslog and Common Event Format (CEF) event collections
  • Design and configure Windows security event collections
  • Configure threat intelligence connectors
  • Create custom log tables in the workspace to store ingested data

Configure protections in Microsoft Defender security technologies

  • Plan and configure Microsoft Defender for Cloud settings
  • Configure Microsoft Defender for Cloud roles
  • Assess and recommend cloud workload protection and enable plans
  • Configure automated onboarding of Azure resources
  • Connect multi-cloud resources by using Environment settings

Configure detection in Microsoft Defender XDR

  • Set up a simulation lab using Microsoft 365 Defender
  • Run an attack against a device in the simulation lab
  • Manage incidents & automated investigations in the Microsoft 365 Defender portal
  • Run an attack simulation email campaign in Microsoft 365 Defender
  • Manage actions and submissions in the Microsoft 365 Defender portal
  • Identify threats by using Kusto Query Language (KQL)
  • Identify and remediate security risks by using Microsoft Secure Score
  • Analyze threat analytics in the Microsoft 365 Defender portal
  • Configure and manage custom detections and alerts

Configure detections in Microsoft Sentinel

  • Concepts of Microsoft Sentinel analytics rules
  • Configure the Fusion rule
  • Configure Microsoft security analytics rules
  • Configure built-in scheduled query rules
  • Configure custom scheduled query rules
  • Configure near-real-time (NRT) analytics rules
  • Manage analytics rules from Content hub
  • Manage and use watchlists
  • Manage and use threat indicators

Respond to alerts and incidents in Microsoft Defender XDR

  • Using policies to remediate threats with Email, Teams, SharePoint & OneDrive
  • Investigate, respond, and remediate threats with Defender for Office 365
  • Understanding data loss prevention (DLP) in Microsoft 365 Defender
  • Implement data loss prevention policies (DLP) to respond and alert
  • Investigate & respond to alerts generated by data loss prevention (DLP) policies
  • Understanding insider risk policies
  • Generating an insider risk policy
  • Investigate and respond to alerts generated by insider risk policies
  • Discover and manage apps by using Microsoft Defender for Cloud Apps
  • Identify, investigate, & remediate security risks by using Defender for Cloud Apps

Respond to alerts and incidents identified by Microsoft Defender for Endpoint

  • Configure User and Entity Behavior Analytics settings
  • Investigate threats by using entity pages
  • Configure anomaly detection analytics rules

Enrich investigations by using other Microsoft tools

  • Understanding unified audit log licensing and requirements
  • Setting unified audit permissions and enabling support
  • Perform threat hunting by using unified audit log
  • Perform threat hunting by using Content Search

Manage incidents in Microsoft Sentinel

  • Configure incident generation
  • Triage incidents in Microsoft Sentinel
  • Investigate incidents in Microsoft Sentinel
  • Respond to incidents in Microsoft Sentinel
  • Investigate multi-workspace incidents

Configure security orchestration, automation, and response (SOAR) in Microsoft Sentinel

  • Create and configure automation rules
  • Create and configure Microsoft Sentinel playbooks
  • Configure analytic rules to trigger automation rules
  • Trigger playbooks from alerts and incidents

Hunt for threats by using KQL

  • Identify threats by using Kusto Query Language (KQL)
  • Interpret threat analytics in the Microsoft Defender portal
  • Create custom hunting queries by using KQL

Hunt for threats by using Microsoft Sentinel

  • Analyze attack vector coverage by using MITRE ATT&CK in Microsoft Sentinel
  • Customize content gallery hunting queries
  • Create custom hunting queries
  • Use hunting bookmarks for data investigations
  • Monitor hunting queries by using Livestream
  • Retrieve and manage archived log data
  • Create and manage search jobs

Respond to alerts and incidents in Microsoft Defender for Cloud

  • Set up email notifications
  • Create and manage alert suppression rules
  • Design and configure workflow automation in Microsoft Defender for Cloud
  • Generate sample alerts and incidents in Microsoft Defender for Cloud
  • Remediate alerts and incidents by using MS Defender for Cloud recommendations
  • Manage security alerts and incidents
  • Analyze Microsoft Defender for Cloud threat intelligence reports

Analyze and interpret data by using workbooks

  • Activate and customize Microsoft Sentinel workbook templates
  • Create custom workbooks
  • Configure advanced visualizations

Conclusion

  • Cleaning up your lab environment
  • Getting a Udemy certificate
  • BONUS Where do I go from here?

HOMEPAGE – https://www.udemy.com/course/microsoft-security-operations-analyst-course-sims/
