SC-200: Microsoft Security Operations Analyst [Video]
Free Chapter: Introduction
Module 1 - Mitigate Threats Using Microsoft 365 Defender
- Module 1 - Learning Objectives
- Introduction to Threat Protection
- Microsoft 365 Defender Suite
- Typical Timeline of an Attack
- Microsoft 365 Defender - Interactive Demonstration
- Mitigate Incidents Using Microsoft 365 Defender - Chapter Introduction
- How to Create Your Playground - Lab Environment
- Microsoft 365 Defender Portal - Introduction
- Managing Incidents
- More about Incidents
- Simulate Incidents - Tor Browser
- Managing Incidents
- Managing Alerts
- Investigating Incidents - MITRE ATT&CK
- Advanced Hunting
- Advanced Hunting Schema
- Exploring the Kusto Queries
- Microsoft Threat Experts
- Microsoft Defender for Office 365 - Chapter Introduction
- Microsoft Defender for Office 365 - Key Capabilities
- Microsoft Defender for Office 365 - Key Capabilities - II
- Safeguard Your Organization- M365 Defender for O365 - Lab I
- Safeguard Your Organization- M365 Defender for O365 - Lab II
- Attack Simulation - Lab Activity
- Microsoft Defender for Identity - Introduction
- What Is Microsoft Defender for Identity
- Microsoft Defender for Identity - Key Capabilities
- Installing Sensors on Domain Controller - 1
- Installing Sensors on Domain Controller - 2
- Capturing Lateral Movements
- Threat Hunting Lab
- Microsoft Defender for Identity Sensors - Architecture
- Protect Your Identities with Azure AD Identity Protection - Introduction
- User Risks and Sign-In Risks
- User Risk Policy and Sign-In Risk Policy - Lab Activity
- Cloud App Security - Introduction
- The Cloud App Security Framework
- Conditional Access App Controls
- What Is Information Protection?
- Insider Risk Management - Enable Auditing
- Phases of Cloud App security
- Cloud App security Phases - Lab Activity
- Data Loss Prevention - Chapter Introduction
- DLP Alerts
- Create Policies for DLP in Compliance Portal
- Insider Risk Management
- What Is Insider Risk
- Pain Points of a Modern Workplace
- Insider Risk management with M365 Defender
- Insider Risk Management - Permissions
- Module 1 - Summary
Module 2 - Mitigate Threats Using Microsoft Defender for Endpoint
- Module 2 - Introduction
- Defender for Endpoint - Features
- Defender for Endpoint - Terminology
- Onboarding Devices to Defender
- Windows 10 Security Enhancements - Chapter Introduction
- Attack Surface Reduction Rules
- Attack Surface Rules
- Device Inventory
- Device Investigation -Alerts
- Behavioral Blocking
- Client Behavioral Blocking
- EDR- Block Mode
- EDR- Block Mode - Lab Activity
- Performing Actions on the Device
- Live Response
- Perform Evidence and Entities Investigations
- User Investigations
- Advanced Automated Remediation Features - Endpoint
- Managing File Uploads
- Automation Folder Exclusion
- File Level Investigation
- Automating Device Group Remediation
- Blocking Risky Devices Using Intune, Defender, and Azure AD
- Configure Alerts and Detections - Chapter Introduction
- Configuring Advanced Features
- Configuring Email Notifications
- Indicators of Compromise
- Threat and Vulnerability Management - Chapter Introduction
- Threat and Vulnerability Management - Explanation
- Module 2 - Summary
Module 3 - Mitigate Threats Using Microsoft Defender for Cloud
- Module 3 - Introduction
- What Is Azure Security Center
- Microsoft Defender for Cloud - Features
- Azure Defender for Cloud - Lab Activity
- CSPM and CWP
- Which Resources Are Protected Using Microsoft Defender
- Benefits of Azure Defender for Servers
- Defender for App Services
- Defender for App Services - Lab
- Defender for Storage - Lab
- Defender for SQL - Lab
- Defender for Keyvault
- Defender for DNS
- Defender for Kubernetes
- Defender for Container Registry
- Connect Azure Assets to Azure Defender- Chapter Introduction
- Asset Inventory - Lab
- Auto-Provisioning
- Stored Event Types
- Manual Provisioning
- Connect Non-Azure Resources to Defender
- Onboarding Methods
- Onboard GCP Instance to Azure ARC
- Onboarding AWS Services to Defender Cloud
- Remediating Security Alerts- Chapter Introduction
- Changing World and Attackers
- What Are Security Alerts and Notifications
- How Does a Defender Work?
- Alert Severity Level
- Continuous Monitoring and Assessments
- MITRE ATT&CK Tactics and Alert Types
- Remediating Alerts
- Automated Responses
- Alert Suppression
- Module 3 - Summary
Module 4 - Create Queries for Microsoft Sentinel Using Kusto Query Language
- Module 4 - Introduction
- The Construct of KQL Language
- The Lab Environment
- Declaring Variables with Let
- Search and Where Operator
- Extend Operator
- Order by Usage
- Project Operator
- Summarize, Count, and DCount Functions
- Arg_Max and Arg_Min Functions
- Make_List and Make_Set Functions
- Render Operator
- Bin Function
- Union Operator
- Module 4 Summary
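The operators listed in Module 4 are easiest to understand in one query that uses most of them together. The following hunting query is an added example written for this page, not code from the course or its GitHub repository. It assumes the standard Microsoft Sentinel schema for the SigninLogs and AADNonInteractiveUserSignInLogs tables; the thresholds and the 10-minute window are assumptions to tune per tenant.

```kql
// Added example (not from the course): hunt for password-based brute force against
// Azure AD / Entra ID sign-ins, built from the Module 4 operators.
// Assumes the standard Sentinel SigninLogs / AADNonInteractiveUserSignInLogs schema;
// the thresholds below are assumptions, not course values.
let lookback = 1h;             // let: declare reusable scalars
let failure_threshold = 10;    // failed attempts per source IP per 10-minute window
let spray_user_threshold = 5;  // distinct accounts that make a burst look like a password spray
union isfuzzy=true SigninLogs, AADNonInteractiveUserSignInLogs   // union: interactive + non-interactive sign-ins
| where TimeGenerated > ago(lookback)                             // where: filter to the lookback period
| extend Outcome = iff(ResultType == "0", "Success", "Failure")  // extend: derive a column; ResultType "0" is success
| summarize
    Failures      = countif(Outcome == "Failure"),
    Successes     = countif(Outcome == "Success"),
    DistinctUsers = dcount(UserPrincipalName),                   // dcount: how many accounts were targeted
    TargetedUsers = make_set(UserPrincipalName, 20),             // make_set: unique accounts, capped at 20
    FailureCodes  = make_set(ResultType, 10),                    // e.g. 50126 bad password, 50053 locked out
    Apps          = make_list(AppDisplayName, 10)                // make_list: apps in attempt order
    by IPAddress, Window = bin(TimeGenerated, 10m)               // bin: bucket into 10-minute windows
| where Failures >= failure_threshold
| summarize arg_max(Failures, *) by IPAddress                    // arg_max: keep each IP's worst window only
| extend SprayLikely = DistinctUsers >= spray_user_threshold,
         SuccessAfterFailures = Successes > 0                    // a success inside a failure burst is triaged first
| project Window, IPAddress, Failures, Successes, DistinctUsers,
          SprayLikely, SuccessAfterFailures, TargetedUsers, FailureCodes, Apps   // project: keep only these columns
| order by Failures desc                                         // order by: noisiest source IP first
```

To chart the result instead of tabulating it, append `| render columnchart with (xcolumn=IPAddress, ycolumns=Failures)` as the final operator; render must be the last step of the query. Because `summarize` keys on `bin(TimeGenerated, 10m)`, a burst that straddles two windows is split in half, so the threshold is deliberately conservative; lengthen the window if that causes misses.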
Module 5 - Microsoft Sentinel Environment - Configuration
- What Is a SIEM Solution
- What Is Microsoft Sentinel
- Microsoft Sentinel - Components
- Data Connectors
- Log Retention
- Workbooks
- Analytics Alerts
- Threat Hunting
- Incidents and Investigations
- Automation Playbooks
- Creating Azure Sentinel Workspace
- Azure Sentinel - RBAC
- Data Connectors
- Onboarding Windows host to Sentinel
- Ingesting Events to Sentinel
- Sentinel Watchlist
- Sentinel - Creating a Watchlist for Tor Nodes
- Sentinel - Create Hunting Query
- Sentinel - Live Stream
- Sentinel - Capturing Traffic from TOR Exit Nodes
- Sentinel - Create Analytical Rules
- Analytical Rule Type - Fusion
- Analytical Rule Types - Security Types
- Analytical Rule Types - ML-Based Behavioral Analytics
- Analytical Rule Types - Anomaly, Scheduled Alerts, and NRT
- Creating Analytics Rules Based on Template
- Creating Analytic Rules Based on Wizard
- Managing the Rules
- Define Threat Intelligence - CTI
- Create TI - Lab Activity
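Module 5 uses a watchlist of Tor exit nodes as the data behind a hunting query and an analytics rule. The query below is an added example for this page, not the course's own query. It assumes a watchlist created with the alias `TorExitNodes` whose IP column was chosen as the SearchKey (both names are assumptions) and the standard SigninLogs schema.

```kql
// Added example (not from the course): match sign-ins against a Sentinel watchlist of Tor exit nodes.
// Assumes a watchlist with alias "TorExitNodes" whose IP column is the SearchKey (assumed names);
// SigninLogs columns are the standard Sentinel schema.
let tor_exits = _GetWatchlist('TorExitNodes')
    | project TorIp = tostring(SearchKey);        // SearchKey is the column chosen when the watchlist was created
SigninLogs
| where TimeGenerated > ago(1d)
| where isnotempty(IPAddress)
| join kind=inner (tor_exits) on $left.IPAddress == $right.TorIp   // inner join keeps only sign-ins from listed exits
| extend Outcome = iff(ResultType == "0", "Success", "Failure")
| summarize Attempts  = count(),
            Successes = countif(Outcome == "Success"),          // successful logons via Tor are the priority
            Users     = make_set(UserPrincipalName, 20),
            FirstSeen = min(TimeGenerated),
            LastSeen  = max(TimeGenerated)
    by IPAddress, Location
| order by Successes desc, Attempts desc
```

When this is saved as a scheduled analytics rule, map `IPAddress` to the IP entity and the account names to the Account entity in the rule wizard so that the resulting incidents carry investigable entities, and set the rule's lookback at least as long as its run frequency so no window is skipped. Refreshing the watchlist (Tor exit lists change daily) needs no change to the query, because `_GetWatchlist` reads the current contents each run.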
Module 6 - Microsoft Sentinel Environment - Connecting Logs
Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA, and Monitoring
- Module 7 Introduction
- Key Concepts of Incident Management - I
- Investigations in Azure Sentinel
- Key Concepts of Incident Management - II
- Incident Management in Microsoft Sentinel - I
- Incident Management in Microsoft Sentinel - II
- Brute Force Attack against Azure Portal - Simulation
- Threat Response with Microsoft Sentinel Playbooks - Introduction/Use Case
- Step 1 - Creating Analytical Rule to Look for Role Membership Changes
- Step 2 - Integrate Log Analytics with Azure AD Audit Logs
- Step 3 - Verify Log Analytics
- Step 4 - Incident Creation in Sentinel
- Step 5 - Create Logic App to Integrate with Microsoft Teams
- Step 6 - Edit Analytical Rule to Add Logic App - Playbooks
- Testing the Integration
- UEBA - User Entity Behavior Analytics - Introduction
- Entity Behavior Lab -I
- Entity Behavior Lab -II
- Workbooks - Introduction
- Create Workbooks Using Template
- Create Workbook from scratch
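Steps 1 to 6 of the Module 7 playbook use case form one procedure: an analytics rule detects role membership changes in the Azure AD audit log, Sentinel raises an incident, and a Logic App posts it to Microsoft Teams. The detection query for Step 1 is given below as an added example for this page, not the course's own rule. It assumes AuditLogs is already flowing into the workspace (the diagnostic-settings integration of Step 2) with the standard Sentinel schema; the list of privileged roles is an assumption.

```kql
// Added example (not from the course): scheduled-rule query for Step 1 of the Module 7 use case,
// detecting additions to privileged Azure AD directory roles.
// Assumes AuditLogs with the standard Sentinel schema; the role list is an assumption to adjust per tenant.
let privileged_roles = dynamic(["Global Administrator", "Privileged Role Administrator",
                                "Security Administrator", "Exchange Administrator"]);
AuditLogs
| where TimeGenerated > ago(1h)                                   // keep equal to or longer than the rule's run frequency
| where Category == "RoleManagement"
| where OperationName in ("Add member to role", "Add eligible member to role")
| where Result == "success"                                       // failed attempts are worth a separate, lower-severity rule
| extend Actor    = tostring(InitiatedBy.user.userPrincipalName),
         ActorIp  = tostring(InitiatedBy.user.ipAddress),
         AppActor = tostring(InitiatedBy.app.displayName),       // populated when a service principal made the change
         Target   = tostring(TargetResources[0].userPrincipalName)
| mv-expand Prop = TargetResources[0].modifiedProperties          // the role name is nested in modifiedProperties
| where tostring(Prop.displayName) == "Role.DisplayName"
| extend RoleName = trim('"', tostring(Prop.newValue))            // newValue is a JSON-encoded string, strip the quotes
| where RoleName in (privileged_roles)
| project TimeGenerated, OperationName, Actor, AppActor, ActorIp, Target, RoleName, CorrelationId
| order by TimeGenerated desc
```

In the rule wizard (Step 6), map `Actor` and `Target` to Account entities and `ActorIp` to an IP entity, then attach the Teams Logic App from Step 5 under Automated response; the playbook receives the incident with those entities populated. The `CorrelationId` column is kept so an analyst can pull every AuditLogs row from the same operation when they pivot from the Teams message back into Sentinel.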
Module 8 - Perform Threat Hunting with Microsoft Sentinel
SC 200 - Microsoft Security Operations Analyst - Course Summary
About this video
The Microsoft security operations analyst works with organizational stakeholders to secure the organization's information technology systems. Their mission is to reduce corporate risk by quickly resolving active attacks in the environment, advising on threat protection practices, and reporting policy violations to the proper stakeholders.
Their responsibilities include threat management, monitoring, and response using a variety of security technologies across the environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Sentinel (formerly Azure Sentinel), Microsoft Defender for Cloud (formerly Azure Defender), Microsoft 365 Defender, and third-party security tools. Because the security operations analyst consumes the operational output of these solutions, they are a key stakeholder in how the tools are configured and deployed.
The course starts with mitigating threats using Microsoft 365 Defender (module 1), then moves on to mitigating threats using Microsoft Defender for Endpoint (module 2) and Microsoft Defender for Cloud (module 3). Module 4 covers creating queries for Microsoft Sentinel using Kusto Query Language (KQL), and module 5 covers configuring the Microsoft Sentinel environment.
Module 6 covers connecting logs to Microsoft Sentinel, and module 7 covers incidents, threat response, UEBA, and monitoring in Microsoft Sentinel. The course wraps up with module 8, performing threat hunting with Microsoft Sentinel.
By the end of the course, you will have the knowledge and confidence needed to pass the SC-200: Microsoft Security Operations Analyst exam.
All resources to this course are placed here: https://github.com/PacktPublishing/SC-200-Microsoft-Security-Operations-Analyst
- Publication date: June 2022
- Publisher: Packt
- Duration: 13 hours 1 minute
- ISBN: 9781804611777