Become an Azure Sentinel Ninja: The complete level 400 training
This training program includes 16 modules. For each module, the post includes a presentation, preferably recorded (where a recording is not yet available, we are working on it), as well as supporting information: relevant product documentation, blog posts, and other resources.
The modules listed below are split into five groups following the life cycle of a SOC:
- Module 1: Technical overview
- Module 2: Azure Sentinel role
Designing Your Deployment
- Module 3: Cloud architecture and multi-workspace/tenant support
- Module 4: Collecting events
- Module 5: Log Management
- Module 6: Integrating threat intelligence
- Module 7: Kusto Query Language (KQL) - the starting point
- Module 8: Writing rules to implement detection
- Module 9: Creating playbooks to implement SOAR
- Module 10: Creating workbooks to implement dashboards and apps
- Module 11: Implementing use cases
- Module 12: A day in a SOC analyst's life, incident management, and investigation
- Module 13: Hunting
- Module 14: Automating and integrating
- Module 15: Roadmap - since it requires an NDA, contact your Microsoft contact for details.
- Module 16: Where to go next?
Explore the latest enhancements in Microsoft's new cloud-native SIEM, which include:
- Microsoft Teams integration into Dynamics 365 for Marketing Events
- SQL for Dynamics 365 using Dataflex
- Deeper embedding of the Customer Voice survey application into Dynamics 365
- Power Platform/Dataflex.
These new topics are added to the life cycle of a SOC.