Suche
Close this search box.

SC-200T00: Microsoft Security Operations Analyst

Der Microsoft Security Operations Analyst arbeitet mit Stakeholdern des Unternehmens zusammen, um Informationstechnologiesysteme für das Unternehmen zu sichern. Ziel ist es, das organisatorische Risiko zu reduzieren, indem aktive Angriffe in der Umgebung schnell behoben werden, Verbesserungen der Bedrohungsschutzpraktiken empfohlen und Verstöße gegen organisatorische Richtlinien an geeignete Stakeholder weitergeleitet werden.

Physisch oder virtuell?

Nehmen Sie an einem unserer Standorte Frankfurt, München und Wien oder virtuell an unseren Klassenraumtrainings teil. Unter „Termin buchen“ werden Ihnen alle Optionen angezeigt, zuerst sortiert nach Standort, dann nach Datum.

Dauer
4
Trainingssprache
Deutsch
Trainingsart
brainyCLASS (offen)

Was werden Sie in diesem Training erlernen?

Reduzieren der Bedrohungen mit Microsoft 365 Defender, Reduzieren Sie Bedrohungen mit Azure Defender, Reduzieren Sie Bedrohungen mithilfe von Azure Sentinel

Agenda

Introduction to Microsoft 365 threat protection
Explore Extended Detection & Response (XDR) response use cases
Understand Microsoft 365 Defender in a Security Operations Center (SOC)
Explore Microsoft Security Graph
Investigate security incident in Microsoft 365 Defender
Mitigate incidents using Microsoft 365 Defender
Use the Microsoft 365 Defender portal
Manage incidents
Investigate incidents
Manage and investigate alerts
Manage automated investigations
Use the action center
Explore advanced hunting
Investigate Azure AD sign-in logs
Understand Microsoft Secure Score
Analyze threat analytics
Analyze reports
Configure the Microsoft 365 Defender portal
Protect your identities with Azure AD Identity Protection
Azure AD Identity Protection overview
Detect risks with Azure AD Identity Protection policies
Investigate and remediate risks detected by Azure AD Identity Protection
Remediate risks with Microsoft Defender for Office 365
Introduction to Microsoft Defender for Office 365
Automate, investigate, and remediate
Configure, protect, and detect
Simulate attacks
Safeguard your environment with Microsoft Defender for Identity
Introduction to Microsoft Defender for Identity
Configure Microsoft Defender for Identity sensors
Review compromised accounts or data
Integrate with other Microsoft tools
Secure your cloud apps and services with Microsoft Defender for Cloud Apps
Understand the Defender for Cloud Apps Framework
Explore your cloud apps with Cloud Discovery
Protect your data and apps with Conditional Access App Control
Walk through discovery and access control with Microsoft Defender for Cloud Apps
Classify and protect sensitive information
Detect Threats
Respond to data loss prevention alerts using Microsoft 365
Describe data loss prevention alerts
Investigate data loss prevention alerts in Microsoft Purview
Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps
Manage insider risk in Microsoft Purview
Insider risk management overview
Introduction to managing insider risk policies
Create and manage insider risk policies
Knowledge check
Investigate insider risk alerts
Take action on insider risk alerts through cases
Manage insider risk management forensic evidence
Create insider risk management notice templates
Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview Standard
Introduction to threat investigation with the Unified Audit Log (UAL)
Explore Microsoft Purview Audit solutions
Implement Microsoft Purview Audit (Standard)
Start recording activity in the Unified Audit Log
Search the Unified Audit Log (UAL)
Export, configure, and view audit log records
Use audit log searching to investigate common support issues
Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium)
Introduction to threat investigation with Microsoft Purview Audit (Premium)
Explore Microsoft Purview Audit (Premium)
Implement Microsoft Purview Audit (Premium)
Manage audit log retention policies
Investigate compromised email accounts using Purview Audit (Premium)
Investigate threats with Content search in Microsoft Purview
Explore Microsoft Purview eDiscovery solutions
Create a content search
View the search results and statistics
Export the search results and search report
Configure search permissions filtering
Search for and delete email messages
Protect against threats with Microsoft Defender for Endpoint
Introduction to Microsoft Defender for Endpoint
Practice security administration
Hunt threats within your network
Deploy the Microsoft Defender for Endpoint environment
Create your environment
Understand operating systems compatibility and features
Onboard devices
Manage access
Create and manage roles for role-based access control
Configure device groups
Configure environment advanced features
Implement Windows security enhancements with Microsoft Defender for Endpoint
Understand attack surface reduction
Enable attack surface reduction rules
Perform device investigations in Microsoft Defender for Endpoint
Use the device inventory list
Investigate the device
Use behavioral blocking
Detect devices with device discovery
Perform actions on a device using Microsoft Defender for Endpoint
Explain device actions
Run Microsoft Defender antivirus scan on devices
Collect investigation package from devices
Initiate live response session
Perform evidence and entities investigations using Microsoft Defender for Endpoint
Investigate a file
Investigate a user account
Investigate an IP address
Investigate a domain
Configure and manage automation using Microsoft Defender for Endpoint
Configure advanced features
Manage automation upload and folder settings
Configure automated investigation and remediation capabilities
Block at risk devices
Configure for alerts and detections in Microsoft Defender for Endpoint
Configure advanced features
Configure alert notifications
Manage alert suppression
Manage indicators
Utilize Vulnerability Management in Microsoft Defender for Endpoint
Understand vulnerability management
Explore vulnerabilities on your devices
Manage remediation
Plan for cloud workload protections using Microsoft Defender for Cloud
Explain Microsoft Defender for Cloud
Describe Microsoft Defender for Cloud workload protections
Exercise – Microsoft Defender for Cloud interactive guide
Enable Microsoft Defender for Cloud
Connect Azure assets to Microsoft Defender for Cloud
Explore and manage your resources with asset inventory
Configure auto provisioning
Manual log analytics agent provisioning
Connect non-Azure resources to Microsoft Defender for Cloud
Protect non-Azure resources
Connect non-Azure machines
Connect your AWS accounts
Connect your GCP accounts
Manage your cloud security posture management
Explore Secure Score
Explore Recommendations
Measure and enforce regulatory compliance
Understand Workbooks
Explain cloud workload protections in Microsoft Defender for Cloud
Understand Microsoft Defender for servers
Understand Microsoft Defender for App Service
Understand Microsoft Defender for Storage
Understand Microsoft Defender for SQL
Understand Microsoft Defender for open-source databases
Understand Microsoft Defender for Key Vault
Understand Microsoft Defender for Resource Manager
Understand Microsoft Defender for DNS
Understand Microsoft Defender for Containers
Understand Microsoft Defender additional protections
Remediate security alerts using Microsoft Defender for Cloud
Understand security alerts
Remediate alerts and automate responses
Suppress alerts from Defender for Cloud
Generate threat intelligence reports
Respond to alerts from Azure resources
Construct KQL statements for Microsoft Sentinel
Understand the Kusto Query Language statement structure
Use the search operator
Use the where operator
Use the let statement
Use the extend operator
Use the order by operator
Use the project operators
Analyze query results using KQL
Use the summarize operator
Use the summarize operator to filter results
Use the summarize operator to prepare data
Use the render operator to create visualizations
Build multi-table statements using KQL
Use the union operator
Use the join operator
Work with data in Microsoft Sentinel using Kusto Query Language
Introduction
Extract data from unstructured string fields
Extract data from structured string data
Integrate external data
Create parsers with functions
Introduction to Microsoft Sentinel
What is Microsoft Sentinel?
How Microsoft Sentinel works
When to use Microsoft Sentinel
Create and manage Microsoft Sentinel workspaces
Plan for the Microsoft Sentinel workspace
Create a Microsoft Sentinel workspace
Manage workspaces across tenants using Azure Lighthouse
Understand Microsoft Sentinel permissions and roles
Manage Microsoft Sentinel settings
Configure logs
Query logs in Microsoft Sentinel
Query logs in the logs page
Understand Microsoft Sentinel tables
Understand common tables
Understand Microsoft 365 Defender tables
Use watchlists in Microsoft Sentinel
Plan for watchlists
Create a watchlist
Manage watchlists
Utilize threat intelligence in Microsoft Sentinel
Define threat intelligence
Manage your threat indicators
View your threat indicators with KQL
Connect data to Microsoft Sentinel using data connectors
Ingest log data with data connectors
Understand data connector providers
View connected hosts
Connect Microsoft services to Microsoft Sentinel
Plan for Microsoft services connectors
Connect the Microsoft Office 365 connector
Connect the Azure Active Directory connector
Connect the Azure Active Directory identity protection connector
Connect the Azure Activity connector
Connect Microsoft 365 Defender to Microsoft Sentinel
Plan for Microsoft 365 Defender connectors
Connect the Microsoft 365 Defender connector
Connect Microsoft Defender for Cloud connector
Connect Microsoft Defender for IoT
Connect Microsoft Defender legacy connectors
Connect Windows hosts to Microsoft Sentinel
Plan for Windows hosts security events connector
Connect using the Windows Security Events via AMA Connector
Connect using the Security Events via Legacy Agent Connector
Collect Sysmon event logs
Connect Common Event Format logs to Microsoft Sentinel
Plan for Common Event Format connector
Connect your external solution using the Common Event Format connector
Connect syslog data sources to Microsoft Sentinel
Plan for syslog data collection
Collect data from Linux-based sources using syslog
Configure the Data Collection Rule for Syslog Data Sources
Parse syslog data with KQL
Connect threat indicators to Microsoft Sentinel
Plan for threat intelligence connectors
Connect the threat intelligence TAXII connector
Connect the threat intelligence platforms connector
View your threat indicators with KQL
Threat detection with Microsoft Sentinel analytics
What is Microsoft Sentinel Analytics?
Types of analytics rules
Create an analytics rule from templates
Create an analytics rule from wizard
Manage analytics rules
Automation in Microsoft Sentinel
Understand automation options
Create automation rules
Security incident management in Microsoft Sentinel
Exercise - Set up the Azure environment
Understand incidents
Incident evidence and entities
Incident management
Identify threats with Behavioral Analytics
Understand behavioral analytics
Explore entities
Display entity behavior information
Use Anomaly detection analytical rule templates
Data normalization in Microsoft Sentinel
Understand data normalization
Use ASIM Parsers
Understand parameterized KQL functions
Create an ASIM Parser
Configure Azure Monitor Data Collection Rules
Query, visualize, and monitor data in Microsoft Sentinel
Exercise - Query and visualize data with Microsoft Sentinel Workbooks
Monitor and visualize data
Query data using Kusto Query Language
Use default Microsoft Sentinel Workbooks
Create a new Microsoft Sentinel Workbook
Manage content in Microsoft Sentinel
Use solutions from the content hub
Use repositories for deployment
Explain threat hunting concepts in Microsoft Sentinel
Understand cybersecurity threat hunts
Develop a hypothesis
Explore MITRE ATT&CK
Threat hunting with Microsoft Sentinel
Exercise setup
Explore creation and management of threat-hunting queries
Save key findings with bookmarks
Observe threats over time with livestream
Use Search jobs in Microsoft Sentinel
Hunt with a Search Job
Restore historical data
Hunt for threats using notebooks in Microsoft Sentinel
Access Azure Sentinel data with external tools
Hunt with notebooks
Create a notebook
Explore notebook code
Der Microsoft Security Operations Analyst arbeitet mit Projektbeteiligten im Unternehmen zusammen, um IT-Systeme des Unternehmens zu schützen. Ihr Ziel ist es, Risiken für das Unternehmen zu verringern, indem sie aktive Angriffe in der Umgebung schnell abwehren, Empfehlungen zur Verbesserung der Bedrohungsschutzmethoden aussprechen und Verstöße gegen die Unternehmensrichtlinien an die zuständigen Stellen weiterleiten. Zu den Zuständigkeiten gehören das Verwalten und Überwachen von sowie das Reagieren auf Bedrohungen durch den Einsatz einer Vielzahl von Sicherheitslösungen in ihrer Umgebung. Zu den Aufgaben dieser Rolle gehört in erster Linie das Untersuchen, Reagieren und Suchen nach Bedrohungen mithilfe von Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender und Sicherheitsprodukten von Drittanbietern. Da der Security Operations Analyst die operative Ausgabe dieser Tools nutzt, ist er auch ein wichtiger Stakeholder beim Konfigurieren und Bereitstellen dieser Technologien.
Grundkenntnisse über Microsoft 365 Grundlegendes Verständnis über Microsoft-Produkte zu Sicherheit, Compliance und Identität Fortgeschrittene Kenntnisse über Microsoft Windows Vertrautheit mit Azure-Diensten, insbesondere Azure SQL-Datenbank und Azure Storage Kenntnisse im Umgang mit virtuellen Azure-Computern und virtuellen Netzwerken Grundlegendes Verständnis der Konzepte zur Skripterstellung.
Microsoft Technik

2.590,00 

Startdatum und Ort wählen

Terminübersicht