Microsoft Sentinel course with hands-on sims for beginners
What you'll learn
- Learn the concepts and perform the hands-on activities needed to master Microsoft Sentinel (SOAR and SIEM)
- Gain a tremendous amount of knowledge about Microsoft Sentinel (SOAR and SIEM)
- Learn, using hands-on simulations, how to manage Microsoft Sentinel (SOAR and SIEM)
- Learn how to set up your own test lab for practicing the concepts!
Requirements
- Willingness to put in the time and practice the steps shown in the course
Description
We really hope you'll agree that this training is way more than the average course on Udemy!
You will have access to the following:
- Training from an instructor with over 20 years of experience who has trained thousands of people and is also a Microsoft Certified Trainer
- Lectures that explain the concepts in an easy-to-learn way for someone who is just starting out with this material
- Instructor-led hands-on activities and simulations to practice, which can be followed even if you have little to no experience
TOPICS COVERED, INCLUDING HANDS-ON LECTURE AND PRACTICE TUTORIALS:
Introduction
Welcome to the course
Understanding the Microsoft Environment
Foundations of Active Directory Domains
Foundations of RAS, DMZ, and Virtualization
Foundations of the Microsoft Cloud Services
DON'T SKIP: The first thing to know about Microsoft cloud services
DON'T SKIP: Azure AD has been renamed to Entra ID
Questions for John Christopher
Performing hands on activities
DON'T SKIP: Using Assignments in the course
Creating a free Microsoft 365 Account
Getting your free Azure credit
Understanding and setting up a Microsoft Sentinel Workspace
Overview of Microsoft Sentinel
Configuring a Microsoft Sentinel workspace
Managing roles regarding Sentinel
Managing log types, log retention, and data storage in Sentinel
Working with data connectors and ingestion in Microsoft Sentinel
Microsoft Sentinel data source identification
Setting up connectors for ingesting data into Microsoft Sentinel
Connecting Sentinel with Microsoft 365 Defender and Defender for Cloud
Common Event Format (CEF) and Syslog event collections
Windows Security Event Collection setup in Microsoft Sentinel
Managing threat intelligence connectors in Microsoft Sentinel
Working with custom log tables
Using analytics rules in Microsoft Sentinel
Understanding analytics rules in Microsoft Sentinel
Fusion rule configuration
Security analytics rules
Working with scheduled query rules in Microsoft Sentinel
Custom scheduled query rules
Working with near-real-time (NRT) analytics rules
Content hub analytics rules
Watchlists in Microsoft Sentinel
Threat indicators in Microsoft Sentinel
Classification, normalization & security orchestration automated response (SOAR)
Using entities for classifying and analyzing data
Advanced Security Information Model (ASIM) queries with Microsoft Sentinel
ASIM parser management
Using automation rules
Using playbooks in Microsoft Sentinel
Automation rule triggering using analytic rules
Alert and incident playbook triggering
Dealing with incidents and workbooks for analysis and interpretation of data
Incident generation in Microsoft Sentinel
Understanding the concepts of triaging incidents in Sentinel
Microsoft Sentinel incident investigation
How to respond to Microsoft Sentinel incidents
Multi-workspace incident investigation
Workbook template customization and management
Implementing custom workbooks in Microsoft Sentinel
Working with advanced visualizations
Threat hunting and entity behavior analytics in Microsoft Sentinel
MITRE ATT&CK attack vectors in Microsoft Sentinel
Using hunting queries from the content gallery
Hunting query customization
Data investigations with hunting bookmarks
Using Livestream to monitor hunting queries
How archived log data can be retrieved in Microsoft Sentinel
Search job management in Microsoft Sentinel
Entity Behavior Analytics settings
Entity page investigation of threats
Anomaly detection analytics rules in Microsoft Sentinel
Conclusion
Cleaning up your lab environment
Getting a Udemy certificate
BONUS: Where do I go from here?
Who this course is for:
- IT people interested in learning a tremendous amount about Microsoft Sentinel (SOAR and SIEM)
Instructor
John Christopher is a Technical Instructor who has been in the business for 25 years. His first experience with information technology occurred in the early 90s when he ran an MS-DOS based BBS (Bulletin Board System) as a System Operator. In the late 90s, after working with Windows NT 3.50 performing backups for Regal Group, he decided to get Windows NT Microsoft Certified.
In 1998 he earned his first Microsoft Certified Systems Engineer and Microsoft Certified Trainer certifications. Shortly after getting certified, he began working as a Junior Administrator and Instructor for Knowledge Alliance. From there John became one of the first people in the world to gain an MCSE for the Windows 2000 operating system, and he began teaching full time for a company called Productivity Point International. At Productivity Point, John got Citrix Metaframe certified and began teaching Citrix along with Microsoft classes. Productivity Point began experiencing financial troubles and John moved on to work with another training company in 2001.
For many years at the training company in Atlanta, John was the network administrator and held the title of Senior Technical Instructor for the company. John designed and administered their network from the ground up, going from a single floor in a single building to multiple floors in multiple buildings and locations. He furthered his certifications, gaining the MCSE for 2003, 2008 (MCITP), and 2012, as well as A+, Network+, Security+, Exchange, and CCNA. Along with his network admin duties, John taught hundreds of students during his 11 years with the company. Over all his years of training, John has had the honor of teaching many classes for the military, including quite a few classes on-site at military bases. In 2012, he decided to break away from the company he had been working for and do consulting and contract teaching. Currently, John is hired by many different training companies to teach technical training classes all over the United States. He is also hired as a consultant to go into companies, work on their networks, and implement and troubleshoot real-world scenarios.