
4-day course
Learning within a specific topic

Microsoft Security Operations Analyst [SC-200T00]

22 August to 8 September 2023, Taastrup
22 August to 6 September 2023, Virtual course
12 to 27 October 2023, Aarhus
23 November to 12 December 2023, Aarhus
DKK 17,499
excl. VAT
No. 90956 A

Learn to work with security tools in Azure and Microsoft 365. Get introduced to Azure Sentinel, Azure Defender and Microsoft 365 Defender, and how to mitigate cyber threats using them. We look at configuring and using Azure Sentinel as well as Kusto Query Language (KQL) to perform detection, analysis and reporting.

We have gathered everything for your learning journey

To get the most out of your course, you get access to a learning portal that gathers everything about your course. Read more under Format.
 

Get your skills on paper

After the course you have the option of becoming certified as Microsoft 365 Certified Security Operations Analyst Associate. Read more in the Certification section.

Participant profile

The course is for you who work with security, threat reduction and mitigation systems in Azure and Microsoft 365.

Prerequisites

You are expected to have attended the course Microsoft security, compliance, and identity SC-900T00, or to have equivalent knowledge, as well as familiarity with Azure services, especially Azure SQL Database and Azure Storage, familiarity with virtual machines and networking in Azure, and a basic understanding of scripting concepts.

Benefits

  • Be well equipped to work with security tools in Microsoft 365 and Azure
  • Learn how Microsoft Defender can remediate risks in your environment
  • Become able to administer a Microsoft Defender for Endpoint environment
  • Learn to configure Attack Surface Reduction rules on Windows devices
  • Get the opportunity to become Microsoft Certified: Security Operations Analyst Associate

What you get on the course

We make sure the setting is in order, so you can focus on learning

  • Course certificate: after you have completed the course, you will receive a course certificate.
  • Experienced instructor: at Teknologisk Institut we use only experienced instructors.
  • Certified instructor
  • Full catering: on the course you get breakfast, lunch, snacks and beverages.
  • Exercises and involvement: exercises and participant involvement are built into the course.
  • Material in English
  • Teaching in Danish
  • Free parking: there is free parking close to the course venue.

Content

Module 1: Mitigate threats using Microsoft 365 Defender
  • Analyze threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft 365 Defender.
     
    - Introduction to threat protection with Microsoft 365
    - Mitigate incidents using Microsoft 365 Defender
    - Remediate risks with Microsoft Defender for Office 365
    - Microsoft Defender for Identity
    - Protect your identities with Azure AD Identity Protection
    - Microsoft Defender for Cloud Apps
    - Respond to data loss prevention alerts using Microsoft 365
    - Manage insider risk in Microsoft 365
Module 2: Mitigate threats using Microsoft Defender for Endpoint
  • Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats.
     
    - Protect against threats with Microsoft Defender for Endpoint
    - Deploy the Microsoft Defender for Endpoint environment
    - Implement Windows security enhancements
    - Perform device investigations
    - Perform actions on a device
    - Perform evidence and entities investigations
    - Configure and manage automation
    - Configure for alerts and detections
    - Utilize Threat and Vulnerability Management
Module 3: Mitigate threats using Azure Defender
  • Use Azure Defender integrated with Azure Security Center, for Azure, hybrid cloud, and on-premises workload protection and security. Learn the purpose of Azure Defender, Azure Defender's relationship to Azure Security Center, and how to enable Azure Defender. You will also learn about the protections and detections provided by Azure Defender for each cloud workload. Learn how you can add Azure Defender capabilities to your hybrid environment.

    - Plan for cloud workload protections using Azure Defender
    - Explain cloud workload protections in Azure Defender
    - Connect Azure assets to Azure Defender
    - Connect non-Azure resources to Azure Defender
    - Remediate security alerts using Azure Defender
Module 4: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Microsoft Sentinel. This learning path will focus on the most used operators. The example KQL statements will showcase security related table queries.
     
    - Construct KQL statements for Microsoft Sentinel
    - Analyze query results using KQL
    - Build multi-table statements using KQL
    - Work with string data using KQL statements
Module 5: Configure your Microsoft Sentinel environment
  • Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace.
     
    - Introduction to Microsoft Sentinel
    - Create and manage Microsoft Sentinel workspaces
    - Query logs in Microsoft Sentinel
    - Use watchlists in Microsoft Sentinel
    - Utilize threat intelligence in Microsoft Sentinel
Module 6: Connect logs to Microsoft Sentinel
  • Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Microsoft Sentinel.
     
    - Connect data to Microsoft Sentinel using data connectors
    - Connect Microsoft services to Microsoft Sentinel
    - Connect Microsoft 365 Defender to Microsoft Sentinel
    - Connect Windows hosts to Microsoft Sentinel
    - Connect Common Event Format logs to Microsoft Sentinel
    - Connect syslog data sources to Microsoft Sentinel
    - Connect threat indicators to Microsoft Sentinel
Module 7: Create detections and perform investigations using Microsoft Sentinel
  • Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel.
     
    - Threat detection with Microsoft Sentinel analytics
    - Automation in Microsoft Sentinel
    - Threat response with Microsoft Sentinel playbooks
    - Security incident management in Microsoft Sentinel
    - Entity behavioral analytics in Microsoft Sentinel
    - Data normalization in Microsoft Sentinel
    - Query, visualize, and monitor data in Microsoft Sentinel
    - Manage content in Microsoft Sentinel
Module 8: Perform threat hunting in Microsoft Sentinel
  • Proactively hunt for security threats using the Microsoft Sentinel powerful threat hunting tools.
     
    - Explain threat hunting concepts in Microsoft Sentinel
    - Threat hunting with Microsoft Sentinel
    - Use Search jobs in Microsoft Sentinel
    - Hunt for threats using notebooks in Microsoft Sentinel
     

Format

To get the most out of your course, you get access to a learning portal that gathers everything about your course. It gives you a good overview of the topics on the course days, direct access to the course material organized by topic, and codes for online labs, so you can solve exercises along the way. You also get access to selected extra material. You can use the platform from a browser whenever it suits you, and you have access for 180 days after your course.

Certification

The course is aimed at the exam SC-200 Microsoft Security Operations Analyst. On passing, you obtain the certification Microsoft Certified: Security Operations Analyst Associate. You must order and pay for your exam separately.

Microsoft writes this about the exam:

  • The Microsoft Security Operations Analyst collaborates with organizational stakeholders to secure information technology systems for the organization. Their goal is to reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders.
  • Responsibilities include threat management, monitoring, and response by using a variety of security solutions across their environment. The role primarily investigates, responds to, and hunts for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. Since the Security Operations Analyst consumes the operational output of these tools, they are also a critical stakeholder in the configuration and deployment of these technologies.
  • This exam measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender; mitigate threats using Azure Defender; and mitigate threats using Azure Sentinel.

Read more about IT certification.

Instructor

The teaching is carried out by an experienced instructor from Teknologisk Institut's network, which consists of the industry's most skilled instructors.

Choose date

Taastrup
22 August to 8 September 2023
Virtual course
22 August to 6 September 2023
Aarhus
12 to 27 October 2023
Aarhus
23 November to 12 December 2023
Virtual course
23 November to 12 December 2023
