SC-5001: Configure SIEM security operations using Microsoft Sentinel

Last Updated: 04-02-2025

The SC-5001: Configure SIEM Security Operations using Microsoft Sentinel course equips you with the essential skills to effectively configure and manage a Security Information and Event Management (SIEM) solution using Microsoft Sentinel. This course is designed for security professionals, administrators, and analysts who are looking to enhance their organization’s security operations with SIEM capabilities powered by Azure Sentinel.

You will gain a deep understanding of how to deploy, configure, and optimize Microsoft Sentinel to improve threat detection, investigation, and response in your security operations center (SOC). With a hands-on approach, the course teaches you how to collect, analyze, and correlate security data from a wide range of sources, leveraging SIEM best practices and the Azure Sentinel platform for real-time security monitoring and threat intelligence.

Schedule and Course Fee (Incl. of all Taxes)

Date | Time | Format | Discount | List Price | Discounted Price | Status
December 20th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 10% Off | $320 | $288 | Fast Filling! Hurry Up.
December 21st | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 10% Off | $320 | $288 |
December 22nd | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 10% Off | $320 | $288 | Guaranteed-to-Run
December 27th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 10% Off | $320 | $288 |
December 28th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 10% Off | $320 | $288 |
January 03rd | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 04th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 05th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 10th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 11th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 12th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 17th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 18th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 19th - 20th | 06:00 AM - 10:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 |
January 26th | 09:00 AM - 05:00 PM (CST) | Live Virtual Classroom (Duration: 8 Hours) | 20% Off | $320 | $256 | Guaranteed-to-Run

Course Prerequisites

Before attending this course, participants should have:

  • A foundational understanding of network security and cloud security concepts.
  • Basic experience with Microsoft Azure, Azure Active Directory, and Microsoft 365 security solutions.
  • Familiarity with security monitoring and incident management workflows.
  • Knowledge of Microsoft Defender and other Microsoft security solutions is a plus but not required.
  • Basic experience with PowerShell or Azure CLI is helpful for hands-on labs but not mandatory.

Learning Objectives

By the end of this course, participants will be able to:

  1. Understand the core concepts of SIEM and how Microsoft Sentinel fits into a security operations framework.
  2. Deploy and configure Microsoft Sentinel to collect and analyze security data from on-premises and cloud-based environments.
  3. Set up data connectors to integrate Microsoft Sentinel with third-party security tools, cloud platforms, and network devices.
  4. Configure Log Analytics workspaces and create custom KQL queries to analyze and correlate security events.
  5. Use Microsoft Sentinel’s built-in analytics to detect threats, identify anomalies, and investigate security incidents.
  6. Build and deploy playbooks in Sentinel to automate security incident response and orchestrate workflows.
  7. Configure alerting rules to monitor security events and notify the appropriate stakeholders.
  8. Leverage Sentinel’s machine learning-based threat detection capabilities to enhance proactive threat hunting.
  9. Optimize Sentinel’s performance by managing retention policies and setting up cost-effective data collection strategies.
  10. Understand the integration of Sentinel with other Microsoft security solutions like Microsoft Defender and Azure Security Center for comprehensive threat protection.

Target Audience

This course is ideal for:

  • Security engineers and security analysts responsible for implementing and managing SIEM systems in an enterprise environment.
  • SOC analysts who want to streamline threat detection and response using Microsoft Sentinel.
  • IT professionals and cloud administrators looking to enhance their security monitoring practices using Azure Sentinel.
  • Security operations managers seeking to build or refine their SIEM strategy using Microsoft Sentinel.
  • Microsoft 365 administrators and Azure administrators who want to integrate Sentinel into their organization's existing security operations.
  • Security consultants who need expertise in configuring and managing SIEM tools for enterprise clients.
