
Kick off your Azure Sentinel journey by learning the basics in this beginner hands-on course, with a warm welcome and thanks for your support.
Log into Azure, navigate to resource groups, and create a new resource group named Azure Sentinel Training Lab in Australia East. Review and create to run validation and finalize deployment.
Deploy an Azure Log Analytics workspace to enable Sentinel, using the Azure portal to create a Log Analytics workspace in the Sentinel Training Lab resource group, and validate before deployment.
Learn how to install and deploy the Microsoft sentinel training lab solution, configure the training workspace and resource group, and understand deployment times from five to thirty minutes.
Apply Sentinel rbac at the resource group level to assign roles such as reader, responder, and contributor, detailing who can view, manage incidents, edit analytic rules, and configure data connectors.
Learn to use Azure Sentinel data connectors to ingest logs from diverse sources via Content Hub, install and connect the Azure Activity Data Connector, troubleshoot connectivity, and configure diagnostics.
Set up the Microsoft Threat Intelligence connector in Sentinel and link Pulse Dive to ingest threat indicators such as IPs, domains, URLs, and file hashes for real-time threat context.
Explore sentinel analytic rule types, including scheduled, near real-time, fusion, and anomaly rules. See how machine learning behavior analytics and threat intelligence enhance detections.
Create a near real-time rule in Microsoft Sentinel by configuring an NRT query rule, enabling analytics, incident settings, and saving a validated rule for near real-time alerts.
Enable the fusion rule in Microsoft Sentinel by using the fusion template in the analytics blade, then create, review, and save the multi-stage attack detection rule for the lab.
Create ML behavior analytics rules for RDP and SSH in Microsoft Sentinel using templates, enable them, and allow seven days to build a normal activity profile before they kick in.
Learn to conduct Azure Sentinel threat hunting with predefined queries, templates, and hunts, perform automation, investigation, and remediation, and escalate findings into incidents for SoC analysis.
Enable UEBA in Azure Sentinel, link Entra ID, and build baseline profiles to detect unusual user and entity behavior; create and promote custom anomaly rules into production.
Learn how to delete a Microsoft Sentinel workspace in this beginners hands-on training module efficiently.
This Microsoft Sentinel Hands-on course is setup with a completely FREE Microsoft Lab training Lab Solution. This course is designed for beginners to get you up and running with Azure Sentinel. The course covers everything from setting up the Azure Training Solutions Lab account to basic management of the platform with live-hands on demonstrations.
Throughout this course, you will learn how to create and manage Microsoft Sentinel, including the creation of log analytics workspace. You will also explore how to work with incidents and workbooks, as well as how to use the platform's analytics rules, and data connectors to detect and respond to potential threats.
The course also includes an overview of basic Cyber Security Overview, entity behavior analytics, threat intelligence and management, playbooks, Scheduled Analytic Rules, Data, Connectors, Alerts, Anomaly Detection, Workspaces, Deployment, Microsoft Sentinel roles and permissions.
The course features various hands on labs to get you up and running wit Azure Sentinel that will help you to better understand how to use the platform. You will learn how to create a Pulse-Dive user account (API-TAXII), analytics rules, investigate incidents, hunt for threats, and more.
Join me on this journey to get hands on experience in Azure with Microsoft Sentinel and level up in your career!