Masterclass SOC Analyst Live-Online Training - Webinar von Bechtle AG

Masterclass SOC Analyst Course (SOC): #- Module1: Monitoring operations in Azure AD: including: Azure Active Directory Operations and Logs; Azure AD Roles; Identity Protection – Roles, Review access, alerts, Discovery and Insights; How to deal with Audit Log #- Module2: Microsoft 365 security: including: Secure Score and Security Center; Best Practices for Improving Your Secure Score; Azure Defender for Servers #- Module3: Microsoft 365 Defender for Endpoint – EDR: including: Intro 101 (configuration, device inventory, concept, Report, alerts) and EDR deployment; Security Operations best practices with Microsoft EDR; How to manage Incidents; Kusto language 101 – basic and advanced queries; Advanced Hunting #- Module4: eXtended Detection and Response with Sentinel: including: Sentinel 101 - Azure Sentinel Dashboards, Connectors; Understanding Normalization in Azure Sentinel; Cloud & on-prem architecture; Workbooks deep dive - Visualize your security threats and hunts; Incidents; KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL queries performance; Auditing and monitoring your Azure Sentinel workspace; Sentinel configuration with Microsoft Cloud stack, EDR and MCAS; Fusion ML Detections with Scheduled Analytics Rules; Streamlining your SOC Workflow with Automated Notebooks #- Module5: Microsoft Cloud App Security: including: Intro do MCAS; Enabling Secure Remote Work; App Discovery and Log Collector Configuration; Extending real-time monitoring & controls to any app; Connecting 3rd party Applications

The course is dedicated for people who want to learn about Microsofts cloud environment monitoring tools and framework. At the beginning, you will be introduced to the management of Azure Active Directory, service auditing and logs, roles related to monitoring threats in the cloud, or the implementation of PIM and PAM services. The next module is to walk you through the secure score functionality and how to improve it with cloud security configuration best practices, Azure Defender for servers and security standards recommendations. During the course you will be able to configure an environment with EDR enabled, where we will try to attack endpoints and user identity and see how EDR behaves. Then we will go through security operations best practices and make hunting queries. The implemented EDR solution and other components of the security stack will be linked within the Microsoft SIEM - Sentinel, which will allow monitoring and implementation of responses to threats.