Kurser

Fremragende4 dages kursus 
Læring inden for et specifikt emne

Microsoft Security Operations Analyst [SC-200T00]

24. oktober til 8. november 2024 Aarhus Garantifor afholdelse
21. november til 6. december 2024 Taastrup
14. - 24. januar 2025 Taastrup
18. - 28. marts 2025 Aarhus
DKK  17.999
ekskl. moms
Nr. 90956 A
4,7
Fremragende
13 anmeldelser
Arrangementer på Teknologisk Institut bliver evalueret af deltagerne. Stjernerne angiver deltagernes gennemsnitlige tilfredshed inden for de sidste 5 år.

Lær at arbejde med sikkerhedsværktøjerne i Azure og Microsoft 365 ved hjælp af Microsoft Sentinel, Microsoft Defender for Cloud og Microsoft 365 Defender, og hvordan du afbøder cybertrusler ved hjælp af disse teknologier. Du lærer også at konfigurere og bruge Azure Sentinel samt Kusto Query Language (KQL) til registrering, analyse og rapportering.

Få papir på dine kompetencer

Efter kurset er der mulighed for at blive certificeretMicrosoft 365 Certified Security Operations Analyst Associate. Læs mere under afsnittet Certificering.

Deltagerprofil

Kurset er for dig, der arbejder med sikkerhed, mindskning af trusler og afbødningssystemer i Azure og Microsoft 365.

Forudsætninger

Du forventes at have deltaget på kurset Microsoft security, compliance, and identity SC-900T00, eller have tilsvarende viden samt kendskab til Azure-services især Azure SQL Database og Azure Storage, kendskab til virtuelle maskiner og netværk i Azure samt en grundlæggende forståelse for scripting-koncepter.

Udbytte

  • Bliv godt klædt på at til at arbejde med sikkerhedsværktøjer i Microsoft 365 og Azure
  • Lær, hvordan Microsoft 365 Defender kan afhjælpe risici i dit miljø
  • Bliv i stand til at administrere Microsoft Defender for Endpoint
  • Lær at arbejde med Microsoft Defender for Cloud, Microsoft Sentinel og Kusto Query Language

Det får du på kurset

Vi sørger for, at rammerne er i orden, så du kan fokusere på at lære.

Efter du har fuldendt kurset, vil du modtage et kursusbevis.

Kursusbevis

Hos Teknologisk Institut bruger vi kun erfarne undervisere.

Erfaren underviser

Certificeret underviser.png

Certificeret underviser

På kurset får du morgenmad, frokost, snacks og drikkevarer.

Fuld forplejning

På kurset er der indtænkt øvelser og deltagerinddragelse.

Øvelser og inddragelse

Materiale på engelsk

Materiale på engelsk

Undervisning på dansk

Undervisning på dansk

Tæt på kursusstedet er der gratis parkering.

Gratis parkering

Indhold

Modul 1: Mitigate threats using Microsoft 365 Defender
  • Analyze threat data across domains and rapidly remediate threats with built-in orchestration and automation in Microsoft 365 Defender.
     
    - Introduction to Microsoft 365 threat protection
    - Mitigate incidents using Microsoft 365 Defender
    - Protect your identities with Azure AD Identity Protection
    - Remediate risks with Microsoft Defender for Office 365
    - Safeguard your environment with Microsoft Defender for Identity
    - Secure your cloud apps and services with Microsoft Defender for Cloud Apps
Modul 2 Mitigate threats using Microsoft Purview
  • In this Learning Path we focus on Microsoft Purview's risk and compliance solutions that assist security operations analysts detect threats to organizations and identify, classify, and protect sensitive data, as well as monitor and report on compliance.

    - Respond to data loss prevention alerts using Microsoft 365
    - Manage insider risk in Microsoft Purview
    - Investigate threats by using audit features in Microsoft 365 Defender and Microsoft Purview Standard
    - Investigate threats using audit in Microsoft 365 Defender and Microsoft Purview (Premium)
    - Investigate threats with Content search in Microsoft Purview
Modul 3: Mitigate threats using Microsoft Defender for Endpoint
  • Implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats.
     
    - Protect against threats with Microsoft Defender for Endpoint
    - Deploy the Microsoft Defender for Endpoint environment
    - Implement Windows security enhancements with Microsoft Defender for Endpoint
    - Perform device investigations in Microsoft Defender for Endpoint
    - Perform actions on a device using Microsoft Defender for Endpoint
    - Perform evidence and entities investigations using Microsoft Defender for Endpoint
    - Configure and manage automation using Microsoft Defender for Endpoint
    - Configure for alerts and detections in Microsoft Defender for Endpoint
    - Utilize Threat and Vulnerability Management in Microsoft Defender for Endpoint
Modul 4: Mitigate threats using Microsoft Defender for Cloud
  • Use Microsoft Defender for Cloud, for Azure, hybrid cloud, and on-premises workload protection and security.

    - Plan for cloud workload protections using Microsoft Defender for Cloud
    - Connect Azure assets to Microsoft Defender for Cloud
    - Connect non-Azure resources to Microsoft Defender for Cloud
    - Manage your cloud security posture management
    - Explain cloud workload protections in Microsoft Defender for Cloud
    - Remediate security alerts using Microsoft Defender for Cloud
Modul 5: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Microsoft Sentinel. This learning path will focus on the most used operators. The example KQL statements will showcase security related table queries.
     
    - Construct KQL statements for Microsoft Sentinel
    - Analyze query results using KQL
    - Build multi-table statements using KQL
    - Work with string data in using KQL statements
Modul 6: Configure your Microsoft Sentinel environment
  • Get started with Microsoft Sentinel by properly configuring the Microsoft Sentinel workspace.
     
    - Introduction to Microsoft Sentinel
    - Create and manage Microsoft Sentinel workspaces
    - Query logs in Microsoft Sentinel
    - Use watchlists in Microsoft Sentinel
    - Utilize threat intelligence in Microsoft Sentinel
Modul 7: Connect logs to Microsoft Sentinel
  • Connect data at cloud scale across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds to Microsoft Sentinel.
     
    - Connect data to Microsoft Sentinel using data connectors
    - Connect Microsoft services to Microsoft Sentinel
    - Connect Microsoft 365 Defender to Microsoft Sentinel
    - Connect Windows hosts to Microsoft Sentinel
    - Connect Common Event Format logs to Microsoft Sentinel
    - Connect syslog data sources to Microsoft Sentinel
    - Connect threat indicators to Microsoft Sentinel
Modul 8: Create detections and perform investigations using Microsoft Sentinel
  • Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel.
     
    - Threat detection with Microsoft Sentinel analytics
    - Automation in Microsoft Sentinel
    - Threat response with Microsoft Sentinel playbooks
    - Security incident management in Microsoft Sentinel
    - Identify threats with behavioral analyticsl
    - Data normalization in Microsoft Sentinel
    - Query, visualize, and monitor data in Microsoft Sentinel
    - Manage content in Microsoft Sentinel
Modul 9: Perform threat hunting in Microsoft Sentinel
  • Proactively hunt for security threats using the Microsoft Sentinel powerful threat hunting tools.
     
    - Explain threat hunting concepts in Microsoft Sentinel
    - Threat hunting with Microsoft Sentinel
    - Use Search jobs in Microsoft Sentinel
    - Hunt for threats using notebooks in Microsoft Sentinel
    - Who hacked cloud game
 

Bemærk: Indhold for dette kursus tilpasses løbende af Microsoft for at følge med den løbende teknologiske udvikling, der kan derfor ske ændringer af kursusindhold uden varsel.

Anmeldelser af Microsoft Security Operations Analyst [SC-200T00]

4,7
 
Fremragende Baseret på 13 anmeldelser
Arrangementer på Teknologisk Institut bliver evalueret af deltagerne. Stjernerne angiver deltagernes gennemsnitlige tilfredshed inden for de sidste 5 år.
Fremragende
Meget godt
Godt
Mindre godt
Ikke godt

Certificering

Kurset er rettet mod eksamen SC-200 Microsoft Security Operations Analyst. Ved beståelse opnår du certificeringen Microsoft Certified: Security Operations Analyst Associate. Du skal bestille og betale for din eksamen særskilt.

Microsoft skriver dette om eksamen:

  • Microsoft security operations analysts reduce organizational risk by rapidly remediating active attacks in the environment, advising on improvements to threat protection practices, and referring violations of organizational policies to appropriate stakeholders. They perform triage, incident response, vulnerability management, threat hunting, and cyber threat intelligence analysis.
  • Microsoft security operations analysts monitor, identify, investigate, and respond to threats in multicloud environments by using Microsoft Sentinel, Microsoft Defender for Cloud, Microsoft 365 Defender, and third-party security solutions. Microsoft security operations analysts collaborate with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to secure IT systems for the organization.
  • Candidates should be familiar with Microsoft 365, Azure cloud services, and Windows and Linux operating systems.
  • This exam measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender; mitigate threats using Microsoft 365 Defender; and mitigate threats using Azure Sentinel.

Læs mere om IT-certificering.

Videre forløb

Microsoft Cybersecurity Architect [SC-100T00]

Få økonomisk støtte til dit kursus

Ved nogle kurser er det muligt at søge tilskud gennem en kompetencefond. Læs mere om dine muligheder:


Økonomisk støtte til kompetenceudvikling
Underviser

Undervisningen varetages af en erfaren underviser fra Teknologisk Instituts netværk bestående af branchens dygtigste undervisere.

Vælg dato

Aarhus
24. oktober til 8. november 2024
 Garantifor afholdelse
Taastrup
21. november til 6. december 2024
Taastrup
14. - 24. januar 2025
Aarhus
18. - 28. marts 2025
Taastrup
22. april til 2. maj 2025

Vil du vide mere?

Microsoft Certificeringer - Få bevis på dine kompetencer

Microsoft Certificeringer der udbydes på Teknologisk Institut. Forstå hvor du befinder dig i certificeringsforløbet og hvad du mangler for at blive certificeret eksp...

Læs mere