Microsoft Security Operations Analyst Exam (SC-200) Online Course

The Microsoft security operations analyst works with organizational stakeholders to secure the organization's information technology systems. Their mission is to reduce corporate risk by quickly resolving active attacks in the environment, advising on threat protection practices, and reporting policy violations to the proper stakeholders. Their responsibilities include threat management, monitoring, and response using a variety of security technologies across the environment.

Using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security tools, the analyst primarily investigates, responds to, and hunts for threats. Because the security operations analyst consumes the operational output of these solutions, they are a key stakeholder in the configuration and implementation of these technologies.

This course starts with module 1, mitigating threats using Microsoft 365 Defender. Module 2 covers mitigating threats using Microsoft Defender for Endpoint, and module 3 covers mitigating threats using Azure Defender. Module 4 is about creating queries for Azure Sentinel using Kusto Query Language, while module 5 covers Microsoft Sentinel environment configuration.

Module 6 covers the Microsoft Sentinel environment - connecting logs, and module 7 covers the Microsoft Sentinel environment - incidents, threat response, UEBA, and monitoring. We wrap up the course with module 8, performing threat hunting with Microsoft Sentinel.

By the end of the course, you will gain the requisite knowledge and confidence to pass the SC-200: Microsoft Security Operations Analyst Exam.

Course Table of Contents

Introduction

  • The Need for SOC Team
  • SC-200 - Microsoft Security Operations Analyst - Course Introduction
  • SC-200 - Microsoft Security Operations Analyst - Recent Update

Module 1- Mitigate Threats Using Microsoft 365 Defender

  • Module 1 - Learning Objectives
  • Introduction to Threat Protection
  • Microsoft 365 Defender Suite
  • Typical Timeline of an Attack
  • Microsoft 365 Defender - Interactive Demonstration
  • Mitigate Incidents Using Microsoft 365 Defender - Chapter Introduction
  • How to Create Your Playground - Lab Environment
  • Microsoft 365 Defender Portal - Introduction
  • Managing Incidents
  • More about Incidents
  • Simulate Incidents - Tor Browser
  • Managing Incidents
  • Managing Alerts
  • Investigating Incidents - MITRE ATT&CK
  • Advanced Hunting
  • Advanced Hunting Schema
  • Exploring the Kusto Queries
  • Microsoft Threat Experts
  • Microsoft Defender for Office 365 - Chapter Introduction
  • Microsoft Defender for Office 365 - Key Capabilities
  • Microsoft Defender for Office 365 - Key Capabilities - II
  • Safeguard Your Organization - M365 Defender for O365 - Lab I
  • Safeguard Your Organization - M365 Defender for O365 - Lab II
  • Attack Simulation - Lab Activity
  • Microsoft Defender for Identity - Introduction
  • What Is Microsoft Defender for Identity
  • Microsoft Defender for Identity - Key Capabilities
  • Installing Sensors on Domain Controller - 1
  • Installing Sensors on Domain Controller - 2
  • Capturing Lateral Movements
  • Threat Hunting Lab
  • Microsoft Defender for Identity Sensors - Architecture
  • Protect Your Identities with Azure AD Identity Protection - Introduction
  • User Risks and Sign-In Risks
  • User Risk Policy and Sign-In Risk Policy - Lab Activity
  • Cloud App Security - Introduction
  • The Cloud App Security Framework
  • Conditional Access App Controls
  • What Is Information Protection?
  • Insider Risk Management - Enable Auditing
  • Phases of Cloud App Security
  • Cloud App Security Phases - Lab Activity
  • Data Loss Prevention - Chapter Introduction
  • DLP Alerts
  • Create Policies for DLP in Compliance Portal
  • Insider Risk Management
  • What Is Insider Risk
  • Pain Points of a Modern Workplace
  • Insider Risk Management with M365 Defender
  • Insider Risk Management - Permissions
  • Module 1 - Summary

Module 2 - Mitigate Threats Using Microsoft Defender for Endpoint

  • Module 2 - Introduction
  • Defender for Endpoint - Features
  • Defender for Endpoint - Terminology
  • Onboarding Devices to Defender
  • Windows 10 Security Enhancements - Chapter Introduction
  • Attack Surface Reduction Rules
  • Attack Surface Rules
  • Device Inventory
  • Device Investigation - Alerts
  • Behavioral Blocking
  • Client Behavioral Blocking
  • EDR - Block Mode
  • EDR - Block Mode - Lab Activity
  • Performing Actions on the Device
  • Live Response
  • Perform Evidence and Entities Investigations
  • User Investigations
  • Advanced Automated Remediation Features - Endpoint
  • Managing File Uploads
  • Automation Folder Exclusion
  • File Level Investigation
  • Automating Device Group Remediation
  • Blocking Risky Devices Using Intune, Defender, and Azure AD
  • Configure Alerts and Detections - Chapter Introduction
  • Configuring Advanced Features
  • Configuring Email Notifications
  • Indicators of Compromise
  • Threat and Vulnerability Management - Chapter Introduction
  • Threat and Vulnerability Management - Explanation
  • Module 2 - Summary

Module 3 - Mitigate Threats Using Microsoft Defender for Cloud

  • Module 3 - Introduction
  • What Is Azure Security Center
  • Microsoft Defender for Cloud - Features
  • Azure Defender for Cloud - Lab Activity
  • CSPM and CWP
  • Which Resources Are Protected Using Microsoft Defender
  • Benefits of Azure Defender for Servers
  • Defender for App Services
  • Defender for App Services - Lab
  • Defender for Storage - Lab
  • Defender for SQL - Lab
  • Defender for Key Vault
  • Defender for DNS
  • Defender for Kubernetes
  • Defender for Container Registry
  • Connect Azure Assets to Azure Defender - Chapter Introduction
  • Asset Inventory - Lab
  • Auto-Provisioning
  • Stored Event Types
  • Manual Provisioning
  • Connect Non-Azure Resources to Defender
  • Onboarding Methods
  • Onboard GCP Instance to Azure Arc
  • Onboarding AWS Services to Defender Cloud
  • Remediating Security Alerts - Chapter Introduction
  • Changing World and Attackers
  • What Are Security Alerts and Notifications
  • How Does a Defender Work?
  • Alert Severity Level
  • Continuous Monitoring and Assessments
  • MITRE ATT&CK Tactics and Alert Types
  • Remediating Alerts
  • Automated Responses
  • Alert Suppression
  • Module 3 - Summary

Module 4 - Create Queries for Microsoft Sentinel Using Kusto Query Language

  • Module 4 - Introduction
  • The Construct of KQL Language
  • The Lab Environment
  • Declaring Variables with Let
  • Search and Where Operator
  • Extend Operator
  • Order by Usage
  • Project Operator
  • Summarize, Count, and DCount Functions
  • Arg_Max and Arg_Min Functions
  • Make_List and Make_Set Functions
  • Render Operator
  • Bin Function
  • Union Operator
  • Module 4 Summary

Module 5 - Microsoft Sentinel Environment - Configuration

  • What Is a SIEM Solution
  • What Is Microsoft Sentinel
  • Microsoft Sentinel - Components
  • Data Connectors
  • Log Retention
  • Workbooks
  • Analytics Alerts
  • Threat Hunting
  • Incidents and Investigations
  • Automation Playbooks
  • Creating Azure Sentinel Workspace
  • Azure Sentinel - RBAC
  • Data Connectors
  • Onboarding Windows Host to Sentinel
  • Ingesting Events to Sentinel
  • Sentinel Watchlist
  • Sentinel - Creating a Watchlist for Tor Nodes
  • Sentinel - Create Hunting Query
  • Sentinel - Live Stream
  • Sentinel - Capturing Traffic from Tor Exit Nodes
  • Sentinel - Create Analytical Rules
  • Analytical Rule Type - Fusion
  • Analytical Rule Types - Security Types
  • Analytical Rule Types - ML-Based Behavioral Analytics
  • Analytical Rule Types - Anomaly, Scheduled Alerts, and NRT
  • Creating Analytics Rules Based on Template
  • Creating Analytic Rules Based on Wizard
  • Managing the Rules
  • Define Threat Intelligence - CTI
  • Create TI - Lab Activity

Module 6 - Microsoft Sentinel Environment - Connecting Logs

  • Module 6 Introduction
  • Connect M365 Defender to Sentinel
  • Office 365 Log Connector
  • Azure Activity Log Connector
  • Azure Active Directory Identity Protection Connector
  • Defender for Office 365 Connector
  • Defender for Endpoint Connector
  • Connect Threat Indicators to Microsoft Sentinel

Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA, and Monitoring

  • Module 7 Introduction
  • Key Concepts of Incident Management - I
  • Investigations in Azure Sentinel
  • Key Concepts of Incident Management - II
  • Incident Management in Microsoft Sentinel - I
  • Incident Management in Microsoft Sentinel - II
  • Brute Force Attack against Azure Portal - Simulation
  • Threat Response with Microsoft Sentinel Playbooks - Introduction/Use Case
  • Step 1 - Creating Analytical Rule to Look for Role Membership Changes
  • Step 2 - Integrate Log Analytics with Azure AD Audit Logs
  • Step 3 - Verify Log Analytics
  • Step 4 - Incident Creation in Sentinel
  • Step 5 - Create Logic App to Integrate with Microsoft Teams
  • Step 6 - Edit Analytical Rule to Add Logic App - Playbooks
  • Testing the Integration
  • UEBA - User Entity Behavior Analytics - Introduction
  • Entity Behavior Lab - I
  • Entity Behavior Lab - II
  • Workbooks - Introduction
  • Create Workbooks Using Template
  • Create Workbook from Scratch

Module 8 - Perform Threat Hunting with Microsoft Sentinel

  • Module 8 Introduction
  • Cyber Security Threat Hunting
  • The Need for Proactive Hunting
  • Develop a Threat Hunting Hypothesis
  • Threat Hunting - Recap
  • Notebooks - Introduction
  • Sentinel Notebooks - Lab Activity

SC-200 - Microsoft Security Operations Analyst - Course Summary

  • Microsoft Security Operations Analyst - Course Summary