Managing and Responding to Security Events Using Azure Sentinel
This course will teach you what Azure Sentinel is and how it helps organizations optimize their security. You will learn how to use this solution for threat detection, investigation, and rapid response for security incidents in your environment.
What you'll learn
Overwhelming volumes of security data combined with shortages of qualified professionals in the cybersecurity space continue to prove a challenge for many organizations. In this course, Managing and Responding to Security Events Using Azure Sentinel, you will learn how the Azure Sentinel can help you solve many SOC and SecOps challenges.
First, you will explore how simple it is to enable the Azure Sentinel solution in your Azure environments, and start ingesting data for analyses. Next, you will learn how to manage security incidents and use Workbooks for Visualizations. Finally, you will learn how Azure Sentinel helps you to detect threats using Analytic rules and how to perform proactive threat hunting.
By the end of this course, you will have the knowledge and confidence to be able to use the Azure Sentinel in your organization and help your organization's SOC and SecOps teams leverage this cloud-native SIEM-as-a-service and SOAR-as-a-service offering from Microsoft.
Table of contents
- Introduction 1m
- What Is SOAR? 2m
- Demo: Logic Apps Refresher 7m
- What Are Security Playbooks? 1m
- Demo: Real-time Automation - Emergency Account Usage Alert to Slack 9m
- Demo: On-demand Automation - Enrich Emergency Account Usage Incident with Community Playbook 5m
- Azure Sentinel APIs 2m
- Demo: Manage Incidents Using Azure Sentinel Management API 4m
- Demo: Ingesting Data Using HTTP Data Collector API Connector in Logic Apps 3m
- Further Learning Options and Summary 3m