Become an Azure Sentinel Ninja: The complete level 400 training

This training program includes 16 modules. For each module, the post includes a presentation, preferably recorded (where a recording is not yet available, we are working on it), as well as supporting information: relevant product documentation, blog posts, and other resources.


The modules listed below are split into five groups following the life cycle of a SOC:



- Module 1: Technical overview

- Module 2: Azure Sentinel role

Designing Your Deployment

- Module 3: Cloud architecture and multi-workspace/tenant support

- Module 4: Collecting events

- Module 5: Log Management

- Module 6: Integrating threat intelligence

Creating Content

- Module 7: Kusto Query Language (KQL) - the starting point

- Module 8: Writing rules to implement detection

- Module 9: Creating playbooks to implement SOAR

- Module 10: Creating workbooks to implement dashboards and apps

- Module 11: Implementing use cases

Security Operations

- Module 12: A day in a SOC analyst's life, incident management, and investigation

- Module 13: Hunting

Advanced Topics

- Module 14: Automating and integrating 

- Module 15: Roadmap - since it requires an NDA, contact your Microsoft contact for details.

- Module 16: Where to go next?

Level 3 Contributor

Explore the latest enhancements in Microsoft's new cloud-native SIEM, which include:

  1. Microsoft Teams integration into Dynamics 365 for Marketing Events
  2. SQL for Dynamics 365 using Dataflex
  3. Deeper embedding of the Customer Voice survey application into Dynamics 365
  4. Power Platform/Dataflex.

These new topics are added to the life cycle of a SOC.



Visitor 1

Microsoft's new cloud-native latest

  1. Power Dataflex Platform
  2. Customer Voice survey of the Deeper embedding
  3. Dataflex Using SQL For Dynamics 365
  4. Marketing Events For Dynamics 365