Mastering Microsoft Sentinel – SIEM & SOAR
About This Course
This course structure offers a comprehensive learning journey from the basics of SOC and SIEM to advanced skills in Microsoft Sentinel. It’s suitable for beginners as well as professionals looking to master Microsoft Sentinel in a real-world context.
Chapter 1: Understanding the Security Operations Center (SOC)
• Overview of Traditional vs. Next-Gen SOC
• Roles and Responsibilities in a SOC
• Importance of a SOC in Modern Enterprises
Chapter 2: Introduction to SIEM (Security Information and Event Management)
• What is SIEM?
• How SIEM Works
• Benefits of Using SIEM in a SOC
Chapter 3: Introduction to SOAR (Security Orchestration, Automation, and Response)
• What is SOAR?
• Difference between SIEM and SOAR
• How SOAR Enhances Incident Response
Chapter 4: Introduction to Microsoft Sentinel
• What is Microsoft Sentinel?
• Key Features and Benefits
Chapter 5: Setting Up Microsoft Sentinel
• Prerequisites and Licensing
• Connecting to Azure Log Analytics Workspace
• Deployment and Initial Setup
Chapter 6: Data Sources and Connectors
• Types of Data Sources (Cloud, On-Premises, Custom)
• Configuring Data Connectors in Microsoft Sentinel
• Best Practices for Data Ingestion
Chapter 7: Azure Firewall Connector for Sentinel
• Deploying & Configuring Azure Firewall
• Connecting Azure Firewall to Sentinel
Chapter 8: Configuring a Syslog Server
• What is a Syslog Server
• Setting Up a Syslog Server
Chapter 9: Kusto Query Language (KQL)
• Kusto Query Language Basics
• Getting Data
Chapter 10: Analytics Rules
• Analytics Rules
• Types of Analytics Rules
Chapter 11: Simulating a Brute Force Attack & Investigating with Sentinel
• Simulating a Brute Force Attack
• Investigating with Sentinel
Chapter 12: Automation Rule
• Automation in Microsoft Sentinel
• Playbooks in Microsoft Sentinel
Chapter 13: Playbook
• Example of a Playbook
Your Instructors
nettech
Manoj Verma (CCIE#43923) - Instructor & Consultant
Manoj Verma (CCIE#43923) is a highly experienced senior technical instructor and network/security consultant. He has been in the networking industry for more than 20 years, with a focus on networking and security for the past 15 years. He has assisted thousands of engineers in obtaining various certifications, from CCNA to CCIE, CCSA, CCSE, PCNSE, F5, etc., and in learning the latest cutting-edge technologies. He started his career as a system administrator and then moved into the networking and security domain. On the job, he realized that he has a passion for teaching and sharing his knowledge, as he used to teach his colleagues and friends. In his classroom training, he always starts by explaining the theory of a given topic, then hands out a short note of key points, and finally ends with lab implementation. Nowadays, driving to a training institute to attend classroom sessions is not feasible for everyone owing to their workflow, odd working hours and rotational shifts, especially for working professionals and those living in different cities and countries. He started receiving multiple requests from students to launch an online training module taught the same way he teaches in his classrooms. Keeping all this in mind, he designed this self-paced training module, which replicates classroom training. He has brought his years of classroom teaching experience, and years of real-world enterprise and service provider experience, to the design of these training modules. For a better understanding of technologies and in-depth knowledge, reading books or short notes is necessary, and to see the theory applied live, practical knowledge is required; he has included both, which is very unique in the IT training sector.