Three Days

Outline for Azure Sentinel Certification Training

Module 1: Technical overview

Introduction to SIEM tools

The security information and event management process

Module 2: Azure Sentinel role

Design and configure an Azure Sentinel workspace

Plan an Azure Sentinel workspace

Configure Azure Sentinel roles

Design Azure Sentinel data storage

Configure Azure Sentinel service security

Lab: Onboarding Azure Sentinel and Connecting Data Sources

Module 3: Log Management and KQL

Create custom logs in Azure Log

Lab: Performing Log Search using Kusto Query Language

Module 4: Collecting events

Plan and Implement the use of Data Connectors for Ingestion of Data Sources in Azure Sentinel

Identify data sources to be ingested for Azure Sentinel

Identify the prerequisites for a data connector

Configure and use Azure Sentinel data connectors

Design Syslog and CEF collections

Design and configure Windows Events collections

Module 5: Integrating threat intelligence

Configure custom threat intelligence connectors

Analytics to store custom data

Module 6: Writing rules to implement detection

Manage Azure Sentinel analytics rules

Design and configure analytics rules

Create custom analytics rules to detect threats