
Learn the fundamentals of Microsoft Sentinel in Azure cloud, including prerequisites, pricing, architecture, connectors and log analytics, and core operations from data collection to response, with hands-on demos and playbooks.
Discover how Azure Sentinel functions as a cloud-native SIEM that collects logs from multiple sources, including other clouds, enables machine learning analytics, and automates responses with playbooks and logic apps.
Discover why Azure Sentinel is essential for modern SIEM, enabling cloud-wide data collection, connectors, and AI-driven alerting to protect against attacks and support digital transformation.
Azure Sentinel disrupts the SOC by providing a central multi-cloud SIEM that analyzes security data across environments and uses log analytics to enable proactive monitoring and actionable alerts.
Prepare Azure Sentinel prerequisites: an active Azure subscription with a Log Analytics workspace, and contributor permissions at the subscription and resource group levels to enable data connections.
Ensure your Azure subscription is active, create a log analytics workspace, and attach Azure Sentinel. Grant Omid Kumar contributor access at the subscription and resource group levels.
Azure Sentinel pricing offers pay-as-you-go and capacity reservation. Costs depend on the volume of data ingested for analysis and stored in Log Analytics and vary by region; the pricing calculator shows discounts of 50–60%.
Explore the Azure Sentinel portal by navigating overview, analytics, incidents, notebooks, workbooks, threat hunting, data connectors, and automation playbooks to monitor, investigate, and respond to security events.
Explore Azure log analytics and Kusto query language to collect, store, and analyze data from cloud and on-prem resources, create workbooks, and run interactive queries in a log analytics workspace.
Learn how Azure workbooks in Sentinel unify text, queries, and metrics into interactive dashboards. Create, save, and share workbooks to analyze threats, incidents, and network activity.
Discover how Azure Sentinel playbooks automate security responses with logic apps, enabling manual or automatic actions on alerts, including IP blocking and notifications to security teams.
Explore Azure Sentinel connectors to feed data from Microsoft services and Amazon Web Services into log analytics, and connect native, API-based, and agent-based sources to generate alerts and incidents.
Explore Azure Sentinel data connectors and how to ingest data from native Microsoft services, APIs, vendors, and on-premise agents to fuel alerts, incidents, and automated responses in Azure Sentinel.
Explore how Azure Sentinel integrates with Log Analytics to ingest data from connectors and data sources, enabling dashboards, queries, playbooks, and automated investigations.
Azure Sentinel core operations are organized into four pillars: collect, detect, investigate, and respond. Together they drive data collection from multiple sources, ML-driven investigation, and automated responses via workbooks and logic apps.
Discover how Azure Sentinel collects security data from multiple sources via data connectors, supports common log format for easy integration, and extends retention from 31 to 730 days.
Connect web application firewall logs to Azure Sentinel using Microsoft connectors, enabling diagnostic logs and forwarding to a Log Analytics workspace, then monitor security events.
Connect AWS CloudTrail logs to Azure Sentinel using a CloudTrail connector, grant read-only permissions, and configure data connectors to enable log ingestion, correlation, and alerts.
Collect data from multiple sources, detect malicious activity with predefined templates or custom queries, and alert, create incidents, and automate responses with playbooks.
Detect suspicious Azure AD activity and create a Sentinel alert by configuring data connectors, a Log Analytics workspace, and a custom analytic rule.
Explore operations pillar 3, investigate: turning alerts into incidents and drilling down for context. Use playbooks for automated responses, assign incidents, and track the attacker's origin to understand the event.
Explore how to investigate incidents in Microsoft Sentinel by examining alerts for users added to or removed from the global admin group, using queries and the incident details.
Explore how to respond to security events in Microsoft Sentinel's operations pillar 4, using manual and automated playbooks to orchestrate alerts, incidents, and actions such as IP blocking.
Explore automating responses with an Azure Sentinel playbook. Link analytics to incidents, test email notifications, and deploy or customize playbooks via the logic app designer from a GitHub repository.
Threat hunting with Azure Sentinel teaches proactive detection by querying across data sources, using built-in and custom queries, bookmarks, and notebooks to uncover attacks and shorten breach containment time.
Learn to perform threat hunting with Microsoft Sentinel across AWS IAM policy changes using predefined and custom queries, bookmarks, and investigations.
Create interactive dashboards in Azure Sentinel using workbooks, leveraging templates and data connectors, then save, share, and customize with text, queries, and metrics.
Navigate to the Azure Sentinel workspace settings and remove Azure Sentinel, noting a 48-hour initial removal and a 30-day grace period for data, connectors, and cleanup of playbooks and notebooks.
Celebrate completing the Microsoft Sentinel crash course - SIEM in Azure Cloud and your hard work in demos. Share feedback and a five-star rating via email to help add future lectures.
Ann Johnson, Corporate Vice President, Cybersecurity Solutions Group, said:
I commonly hear from customers that they’re spending more time with deployment and maintenance of SIEM solutions, which leaves them unable to properly handle the volume of data or the agility of adversaries.
Traditional on-premises SIEMs require a combination of infrastructure costs and software costs, all paired with annual commitments or inflexible contracts. We are removing those pain points, since Azure Sentinel is a cost-effective, cloud-native SIEM with predictable billing and flexible commitments.
Azure Sentinel is a cloud-native security information and event management (SIEM) solution that provides real-time security insights and automated incident response. This training course will teach you how to implement and manage a cloud-native SIEM using Azure Sentinel.
Throughout the course, you will learn how to collect and analyze security logs from various sources, including cloud infrastructure, on-premises systems, and third-party services. You will also learn how to use Azure Sentinel's built-in analytics and machine learning capabilities to detect and investigate advanced threats.
The course will cover advanced techniques for integrating Azure Sentinel with other security tools and automating incident response. You will learn best practices for configuring Azure Sentinel to meet your organization's specific security needs, including compliance and governance requirements.
One of the main focuses of the course is Cloud SIEM and SOC operations, where you will learn how to use Azure Sentinel to monitor and protect your cloud infrastructure and to manage your security operations center (SOC). Additionally, you will learn how to leverage Azure Sentinel's built-in reporting and analytics capabilities to gain insights into your organization's security posture and track compliance with industry standards.
Throughout the course, you will also learn about security operations in the cloud era, and how Azure Sentinel can help you adapt your security operations to the unique challenges of the cloud. You will learn about the latest security threats and trends, and how Azure Sentinel can help you detect and respond to these threats in real-time.
Another focus of the course is on the integration and automation techniques that Azure Sentinel offers, where you will learn how to integrate Azure Sentinel with other security tools, such as Azure Security Center, Azure Active Directory, and Azure Policy. Additionally, you will learn how to use Azure Sentinel's built-in automation capabilities to streamline incident response and improve the efficiency of your SOC.
The course will also cover the usage of AI and ML in Cloud security, where you will learn how to leverage Azure Sentinel's built-in AI and ML capabilities to detect and respond to advanced threats in real-time. Additionally, you will learn how to use Azure Sentinel's built-in machine learning algorithms to detect anomalies and suspicious activity in your security logs.
Overall, this Azure Sentinel Training Course is designed to help security professionals, DevOps and SecOps teams, Managed Service Providers (MSPs), and Managed Security Service Providers (MSSPs) gain the knowledge and skills needed to implement and manage a cloud-native SIEM using Azure Sentinel. By the end of the course, you will be able to use Azure Sentinel to detect and respond to security threats in real time, automate incident response, and gain insights into your organization's security posture. You will also be able to protect your cloud infrastructure, manage your SOC, and comply with industry standards.
The Azure Sentinel course is divided into 5 sections:
Course Introduction
Getting Started With Azure Sentinel
Azure Sentinel Basics
Working With Azure Sentinel Core Operations
Azure Sentinel Removal and Conclusion