Name: Microsoft Sentinel Advanced Course: Secure Azure Like a Pro
Rating: 4.6 (293 reviews)

Udemy Business

Teach on Udemy

Turn what you know into an opportunity and reach millions around the world.

Learn More

Your cart is empty.

Keep shopping

Created byPavel Hrabec

Last updated 3/2026

English

What you'll learn

Gain an understanding of Microsoft Sentinel Automation
Learn how to automate Microsoft Sentinel using ARM
Deploy SIEM using Infrastructure as Code
Integrate Azure DevOps and GitHub with Microsoft Sentinel
Configure a repository for Microsoft Sentinel
Deploy ARM templates from repositories
Generate ARM templates
Master Microsoft Sentinel pricing
Set up and optimize data connectors
Implement optimization strategies
Optimize data collection rules
Perform KQL Transformation
Perform cross-resource queries in Microsoft Sentinel

Course content

4 sections • 55 lectures • 3h 1m total length

Introduction to Microsoft Sentinel Automation2:11
Automating Sentinel with ARM, Bicep, Terraform, Powershell and API3:06
Demo: Infrastructure as Code in Seamless SIEM Deployment8:42
Deploy Microsoft Sentinel in Azure with an ARM template, configuring a cloud-native, code-driven monitoring solution featuring hundreds of detection rules, data retention, and analytics in minutes.
Unveiling the Magic of Deployment Scripts in Microsoft Sentinel2:08
Changes to Microsoft Sentinel and Lab Setup2:46
Introduction to New Security Portal Interface5:57
Demo: Fine-Tuning Microsoft Sentinel after ARM Deployment2:39
Explore how to fine-tune Microsoft Sentinel after ARM deployment by adjusting portal settings, enabling data sources, configuring playbook permissions, and wiring diagnostic settings to a log analytics workspace.
SIEM Deployment with Terraform and Bicep2:01
Effortless ARM Template Installation with Repositories1:44
Demo: Setting Up Azure DevOps Organization for Microsoft Sentinel2:00
Create an Azure DevOps organization, set up a Sentinel project and repository, initialize with a Readme file to establish main branch, and enable third party application access via organization settings.
Demo: Integrating Azure DevOps with Microsoft Sentinel2:43
Connect your Azure DevOps repository to Microsoft Sentinel via the deployment wizard, authorize your account, select organization and project, then deploy analytics, automation rules, inquiries, parsers, playbooks, and workbooks.
Azure DevOps Parallelism Challenges in Microsoft Sentinel1:47
Demo: Setting up Repository in GitHub for Microsoft Sentinel1:02
Demo: Integrating GitHub with Microsoft Sentinel2:01
Connect a GitHub repository to Microsoft Sentinel by adding a GitHub connection, installing the Azure Sentinel for GitHub app, and selecting repositories for deployment.

Introduction to Mastering GitHub Repository for Security1:17
Demo: Deploying Microsoft Sentinel Analytics Rule from Repository5:38
Demo: Verifying Content Status in Microsoft Sentinel1:44
Demo: Fixing Pipeline Errors in Microsoft Sentinel Upload Process2:21
Tracking ARM Template Changes in Repository3:48
Track ARM template changes in a repository using a tracking table to deploy only updated or newly created analytics rules, improving pipeline efficiency.
Demo: Configuring Local Repository for Microsoft Sentinel3:18
Demo: Deploying Microsoft Sentinel Playbook from Computer to the Cloud3:48
Demo: Deploying ARM templates from Repository4:37
Validating ARM Deployment in Azure Portal3:03
Demo: How to Deploy Unsupported Artifact to Azure4:00
Learn to deploy an unsupported artifact, a watch list, to Azure Sentinel using a modified PowerShell script and pipeline updates.
Understanding Microsoft Sentinel Artifact Order2:28
Demo: Optimizing Microsoft Sentinel as Code Deployment1:35
Conclusion of Infrastructure as Code with Microsoft Sentinel1:12

Introduction1:08
ARM Templates Structure and Components3:32
ARM Templates Formatting and Parameters2:50
Explore arm templates formatting and parameters for azure sentinel, including schema, content version, workspace parameter in pipelines, and using concat to generate unique resource names for watchlists and automation rules.
Demo: Generate ARM Template for Analytics Rule4:07
Generate an ARM template for analytics rule in Azure Sentinel, export from the portal, and deploy via repository using the workspace parameter with version control and descriptive naming.
Demo: Generate ARM Template for Workbook4:47
Demo: Generate ARM Template for Playbook with Script5:30
Demo: Generate ARM Template for Automation Rule4:46
Learn to generate a reusable arm template for automation rules (and analytics rules) using api calls, extract the properties section, and adapt it across environments.
Demo: Generate ARM Template for Automation Rule with Script3:25
Demonstrate generating an arm template for automation rules with a PowerShell script, authenticate, set your workspace and resource group, and download ready templates for Azure Sentinel.
Demo: Generate ARM Template for Parser, Hunting Query and Watchlist3:24
ARM Template Resource Hub2:28
Access the official Microsoft Sentinel GitHub page for up-to-date arm templates and configurations to deploy Sentinel at scale, with a catalog of playbooks and analytics rules.

Introduction to Cost Optimization1:08
Mastering Microsoft Sentinel Pricing4:27
Exceptions to Microsoft Sentinel Pricing2:45
Explore exceptions to Microsoft Sentinel pricing, including free ten gigabytes per day for 31 days, data grants for Microsoft 365 licenses, and free ingestion for select Microsoft logs.
Demo: Microsoft Sentinel Pricing Calculator3:16
Explore using the Microsoft Sentinel pricing calculator to estimate costs by region and log inputs, including retention, data ingestion, restore, and search options, with cautions about misreadings and price changes.
Demo: Data Connector Management1:48
Demo: Setting Up Data Connectors4:09
Set up data connectors in the Microsoft Sentinel Content Hub. Create a VM and configure a data collection rule for Windows security events via the AMA agent, with cost considerations.
Simplify Cost Tracking for Microsoft Sentinel5:10
Demo: Optimization Strategies for Significant Cost Savings9:08
Understanding Basics Logs1:23
Demo: Setting up Basics Logs in Microsoft Sentinel3:51
Demo: Maximizing Basics Logs Search4:47
Demo: Optimizing Data Collection Rules4:49
Demo: KQL Transformation for Windows Events2:24
Exploring Azure Data Explorer2:06
Demo: Ingesting Logs into Azure Data Explorer from Azure Storage5:48
Cross Resource Query in Microsoft Sentinel2:30
Conclusion2:25
BONUS: Become AI Security Expert4:08

Requirements

Microsoft Sentinel Basics

Description

Elevate your cloud security expertise to new heights as you seamlessly integrate Microsoft Sentinel into your Azure based workflows with GitHub. Harness essential tools like ARM, Bicep, Terraform, PowerShell, APIs and automate deployment process for security operations in Azure.

Through hands-on experiences, you'll become adept at deploying critical components such as analytics rules, workbooks, playbooks and many more Microsoft Sentinel artifacts. Everything managed from a centralized repository through the efficiency of CI/CD pipeline, optimizing your cloud security strategy while streamlining operations.

Once you grasp the foundations of automation, you'll dive deeper into the heart of Azure infrastructure management with ARM templates. You will master the art of infrastructure as code for Microsoft Sentinel, ensuring that your cloud environment is not only secure but also highly efficient.

You'll also gain valuable insights into cost optimization strategies, ensuring that you can effectively secure your cloud environment while maximizing cost savings in Azure Cloud.

In essence, this course serves as your gateway to becoming a proficient cloud security architect expert within the Azure cloud ecosystem. It seamlessly combines essential integration skills, practical deployment experiences, automation mastery, infrastructure management, log analysis, and cost optimization into a comprehensive learning journey.

You will work with tools concepts and technologies such as CI/CD Pipeline, Infrastructure as Code, Azure DevOps, GitHub, ARM, Biceps, Terraform, Powershell, KQL, Basics Logs Search, KQL Transformation, Data Ingestion, Cross resource query, Azure Data Explorer and many more.

Don't let this opportunity pass you by. Elevate your expertise in Azure cloud security today and position yourself as a valuable asset in the ever-evolving landscape of cloud computing.

Who this course is for:

Security Professionals looking to enhance their skills in automating Microsoft Sentinel
Azure Administrators and Cloud Engineers interested in optimizing security operations
IT and Security Managers seeking to streamline SIEM deployment and cost-effectiveness
DevOps Engineers wanting to integrate security practices into their DevOps pipelines
Cybersecurity Analysts aiming to improve incident response using Microsoft Sentinel
System Administrators interested in mastering Infrastructure as Code (IaC) techniques
Security Architects seeking to design secure and cost-efficient Azure environments
Students and Enthusiasts eager to build expertise in Microsoft Sentinel and ARM templates
Anyone interested in improving their knowledge of Microsoft Azure security operations

What you'll learn

Explore related topics

Course content

Automate Microsoft Sentinel Integration with Code14 lectures • 41min

Advanced Infrastructure as Code with Microsoft Sentinel13 lectures • 39min

Mastering ARM Templates10 lectures • 36min

Lower Cost in Azure for Security Operations18 lectures • 1hr 6min

Requirements

Description

Who this course is for: