Kurser

4 dages kursus 
Læring inden for et specifikt emne

Microsoft Security Operations Analyst [SC-200T00]

18. januar til 2. februar 2024 Taastrup
7. - 20. marts 2024 Aarhus
25. april til 7. maj 2024 Taastrup
6. - 20. juni 2024 Aarhus
Flere datoer
DKK  17.999
ekskl. moms
Nr. 90956 A
Tilmeld dig

Lær at arbejde med sikkerhedsværktøjerne i Azure og Microsoft 365 ved hjælp af Microsoft Sentinel, Microsoft Defender for Cloud og Microsoft 365 Defender, og hvordan du afbøder cybertrusler ved hjælp af disse teknologier. Du lærer også at konfigurere og bruge Azure Sentinel samt Kusto Query Language (KQL) til registrering, analyse og rapportering.

Vi har samlet alt til din læringsrejse

For at du får størst muligt udbytte af dit kursus, får du adgang til en læringsportal, der samler alt omkring dit kursus. Læs mere under Form.
 

Få papir på dine kompetencer

Efter kurset er der mulighed for at blive certificeretMicrosoft 365 Certified Security Operations Analyst Associate. Læs mere under afsnittet Certificering.

Deltagerprofil

Kurset er for dig, der arbejder med sikkerhed, mindskning af trusler og afbødningssystemer i Azure og Microsoft 365.

Forudsætninger

Du forventes at have deltaget på kurset Microsoft security, compliance, and identity SC-900T00, eller have tilsvarende viden samt kendskab til Azure-services især Azure SQL Database og Azure Storage, kendskab til virtuelle maskiner og netværk i Azure samt en grundlæggende forståelse for scripting-koncepter.

Udbytte

  • Bliv godt klædt på at til at arbejde med sikkerhedsværktøjer i Microsoft 365 og Azure
  • Lær, hvordan Microsoft 365 Defender kan afhjælpe risici i dit miljø
  • Bliv i stand til at administrere Microsoft Defender for Endpoint
  • Lær at arbejde med Microsoft Defender for Cloud, Microsoft Sentinel og Kusto Query Language

Det får du på kurset

Vi sørger for at rammerne er i orden, så du kan fokusere på at lære

Efter du har fuldendt kurset, vil du modtage et kursusbevis.

Kursusbevis

Hos Teknologisk Institut bruger vi kun erfarne undervisere.

Erfaren underviser

Certificeret underviser.png

Certificeret underviser

På kurset får du morgenmad, frokost, snacks og drikkevarer.

Fuld forplejning

På kurset er der indtænkt øvelser og deltagerinddragelse.

Øvelser og inddragelse

Materiale på engelsk

Materiale på engelsk

Undervisning på dansk

Undervisning på dansk

Tæt på kursusstedet er der gratis parkering.

Gratis parkering

Indhold

Modul 1: Mitigate threats using Microsoft 365 Defender
  • Analyze threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft 365 Defender.
     
    - Introduction to Microsoft 365 threat protection
    - Mitigate incidents using Microsoft 365 Defender
    - Protect your identities with Azure AD Identity Protection
    - Remediate risks with Microsoft Defender for Office 365
    - Safeguard your environment with Microsoft Defender for Identity
    - Secure your cloud apps and services with Microsoft Defender for Cloud Apps
Modul 2 Mitigate threats using Microsoft Purview
  • In this Learning Path we focus on Microsoft Purview's risk and compliance solutions that assist security operations analysts detect threats to organizations and identify, classify, and protect sensitive data, as well as monitor and report on compliance.

    - Respond to data loss prevention alerts using Microsoft 365
    - Manage insider risk in Microsoft Purview
    - Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview Standard
    - Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium)
    - Investigate threats with Content search in Microsoft Purview
Modul 3: Mitigate threats using Microsoft Defender for Endpoint
  • Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats.
     
    - Protect against threats with Microsoft Defender for Endpoint
    - Deploy the Microsoft Defender for Endpoint environment
    - Implement Windows security enhancements with Microsoft Defender for Endpoint
    - Perform device investigations in Microsoft Defender for Endpoint
    - Perform actions on a device using Microsoft Defender for Endpoint
    - Perform evidence and entities investigations using Microsoft Defender for Endpoint
    - Configure and manage automation using Microsoft Defender for Endpoint
    - Configure for alerts and detections in Microsoft Defender for Endpoint
    - Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint
Modul 4: Mitigate threats using Microsoft Defender for Cloud
  • Use Microsoft Defender for Cloud, for Azure, hybrid cloud, and on-premises workload protection and security.

    - Plan for cloud workload protections using Microsoft Defender for Cloud
    - Connect Azure assets to Microsoft Defender for Cloud
    - Connect non-Azure resources to Microsoft Defender for Cloud
    - Manage your cloud security posture management
    - Explain cloud workload protections in Microsoft Defender for Cloud
    - Remediate security alerts using Microsoft Defender for Cloud
Modul 5: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Microsoft Sentinel. This learning path will focus on the most used operators. The example KQL statements will showcase security related table queries.
     
    - Construct KQL statements for Microsoft Sentinel
    - Analyze query results using KQL
    - Build multi-table statements using KQL
    - Work with string data in using KQL statements
Modul 6: Configure your Microsoft Sentinel environment
  • Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace.
     
    - Introduction to Microsoft Sentinel
    - Create and manage Microsoft Sentinel workspaces
    - Query logs in Microsoft Sentinel
    - Use watchlists in Microsoft Sentinel
    - Utilize threat intelligence in Microsoft Sentinel
Modul 7: Connect logs to Microsoft Sentinel
  • Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Microsoft Sentinel.
     
    - Connect data to Microsoft Sentinel using data connectors
    - Connect Microsoft services to Microsoft Sentinel
    - Connect Microsoft 365 Defender to Microsoft Sentinel
    - Connect Windows hosts to Microsoft Sentinel
    - Connect Common Event Format logs to Microsoft Sentinel
    - Connect syslog data sources to Microsoft Sentinel
    - Connect threat indicators to Microsoft Sentinel
Modul 8: Create detections and perform investigations using Microsoft Sentinel
  • Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel.
     
    - Threat detection with Microsoft Sentinel analytics
    - Automation in Microsoft Sentinel
    - Threat response with Microsoft Sentinel playbooks
    - Security incident management in Microsoft Sentinel
    - Identify threats with behavioral analyticsl
    - Data normalization in Microsoft Sentinel
    - Query, visualize, and monitor data in Microsoft Sentinel
    - Manage content in Microsoft Sentinel
Modul 9: Perform threat hunting in Microsoft Sentinel
  • Proactively hunt for security threats using the Microsoft Sentinel powerful threat hunting tools.
     
    - Explain threat hunting concepts in Microsoft Sentinel
    - Threat hunting with Microsoft Sentinel
    - Use Search jobs in Microsoft Sentinel
    - Hunt for threats using notebooks in Microsoft Sentinel
    - Who hacked cloud game
     

Form

For at du får størst muligt udbytte af dit kursus, får du adgang til en læringsportal, der samler alt omkring dit kursus. Her får du et godt overblik over emnerne på kursusdagene, direkte adgang til kursusmaterialet opdelt efter emner, og koder til online labs, så du kan løse opgaver undervejs. Du får desuden adgang til udvalgt ekstra materiale. Du kan bruge platformen fra en browser, lige når det passer dig, og du har adgang i 180 dage efter dit kursus.

Certificering

Kurset er rettet mod eksamen SC-200 Microsoft Security Operations Analyst. Ved beståelse opnår du certificeringen Microsoft Certified: Security Operations Analyst Associate. Du skal bestille og betale for din eksamen særskilt.

Microsoft skriver dette om eksamen:

  • Microsoft security operations analysts reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. They perform triage, incident response, vulnerability management, threat hunting, and cyber threat intelligence analysis.
  • Microsoft security operations analysts monitor, identify, investigate, and respond to threats in multicloud environments by using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security solutions. Microsoft security operations analysts collaborate with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to secure IT systems for the organization.
  • Candidates should be familiar with Microsoft 365, Azure cloud services, and Windows and Linux operating systems.
  • This exam measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender; mitigate threats using Microsoft 365 Defender; and mitigate threats using Azure Sentinel.

Læs mere om IT-certificering.

Videre forløb

Microsoft Cybersecurity Architect [SC-100T00]

Underviser

Undervisningen varetages af en erfaren underviser fra Teknologisk Instituts netværk bestående af branchens dygtigste undervisere.

Vælg dato

Taastrup
18. januar til 2. februar 2024
Aarhus
7. - 20. marts 2024
Taastrup
25. april til 7. maj 2024
Aarhus
6. - 20. juni 2024
Taastrup
2. - 17. september 2024
Vis flere datoer
Billede der illustrerer kurset

Firmakurser - få et tilbud

Er I flere, der har samme behov for kompetenceudvikling, så er et firmakursus ofte den rette løsning, der kan skabe fælles fundament og økonomisk besparelse.

Vil du vide mere?

Microsoft Certificeringer - Få bevis på dine kompetencer

Microsoft Certificeringer der udbydes på Teknologisk Institut. Forstå hvor du befinder dig i certificeringsforløbet og hvad du mangler for at blive certificeret eksp...

Læs mere