Become an Azure Sentinel Ninja: The complete level 400 training

This training program includes 16 modules. For each module, the post includes a presentation, preferably recorded (where a recording is not yet available, we are working on it), as well as supporting information: relevant product documentation, blog posts, and other resources.


The modules listed below are split into five groups following the life cycle of a SOC:



- Module 1: Technical overview

- Module 2: Azure Sentinel role

Designing Your Deployment

- Module 3: Cloud architecture and multi-workspace/tenant support

- Module 4: Collecting events

- Module 5: Log Management

- Module 6: Integrating threat intelligence

Creating Content

- Module 7: Kusto Query Language (KQL) - the starting point

- Module 8: Writing rules to implement detection

- Module 9: Creating playbooks to implement SOAR

- Module 10: Creating workbooks to implement dashboards and apps

- Module 11: Implementing use cases

Security Operations

- Module 12: A day in a SOC analyst's life, incident management, and investigation

- Module 13: Hunting

Advanced Topics

- Module 14: Automating and integrating 

- Module 15: Roadmap - since it requires an NDA, contact your Microsoft contact for details.

- Module 16: Where to go next?

Visitor 1

Microsoft's new cloud-native latest

  1. Power Dataflex Platform
  2. Customer Voice survey of the Deeper embedding
  3. Dataflex Using SQL For Dynamic 365
  4. Marketing Events For Dynamics 365

Level 2 Contributor

The modules listed below are split into five groups following the life cycle of a SOC:


Part 1: Overview

Part 2: Architecting & Deploying

Part 3: Creating Content

Part 4: Operating

Part 5: Advanced Topics

Level 1 Contributor

life cycle of a SOC module divided into 5 parts


Part 1: The Overview

Part 2: Deploying and Architecting

Part 3: Content Creating

Part 4: Operating Creating

Part 5: Topic Advances