Show training

Microsoft Security Operations Analyst

training code: SC-200 / ENG DL 4d / EN

Authorized Microsoft Security Operations Analyst SC-200  Distance Learning training.

 

Target audience:

  • Administrator

  • IT specialist

  • Security specialist

  • Security engineer

For more information, please contact the sales department. For more information, please contact the sales department.
4,650.00 PLN 5,719.50 PLN with TAX

The Microsoft Security Operations Analysts work with various departments in an organization to secure IT systems. Their goal is to reduce organizational risk by:

• Rapidly remediating active attacks in the environment,

• Advising on improving threat protection practices,

• Referring violations of organizational policies to appropriate stakeholders.

 

Responsibilities include monitoring, analyzing, and responding to threats using a variety of security solutions across the environment. The Security Operations Analysts role primarily investigates, responds, and searches for threats using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security products. The Security Operations Analyst uses the operational results of these tools.

This course is intended for security administrators, cloud administrators, IT specialists and individuals who are interested in learning about:

  • Managing Microsoft Azure Sentinel
  • Managing Azure Defender
  • Managing Microsoft 365 Defender
  • Using Kusto Query Language

During the training, the participant will learn how to investigate, respond to, and hunt threats using Microsoft Azure Sentinel, Azure Defender, and Microsoft 365 Defender. This course will teach you how to mitigate cyber threats using these solutions. In particular, you will gain knowledge and practical experience in configuring and using Microsoft 365 Defender XDR and Azure Sentinel, as well as using Kusto Query Language (KQL) for detection, analysis, and reporting. The course is designed for people who work in a Security position.

The training helps participants prepare for the SC-200 exam.

 

1: Mitigate threats using Microsoft Defender XDR

  Introduction to threat protection with Microsoft Defender XDR

  Mitigate incidents using Microsoft Defender XDR

  Remediate risks with Defender for Office 365 in Microsoft Defender XDR

  Microsoft Defender for Identity in Microsoft Defender XDR

  Protect your identities with Entra ID Protection

  Defender for Cloud Apps in Microsoft Defender XDR

2: Mitigate threats using Microsoft Copilot for Security

  Fundamentals of Generative AI

  Describe Microsoft Copilot for Security

  Describe the core features of Microsoft Copilot for Security

  Describe the embedded experiences of Microsoft Copilot for Security

3: Mitigate threats using Microsoft Purview

  Microsoft Purview Compliance Solutions

  Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies

  Investigate and remediate insider risk threats identified by Microsoft Purview policies

  Investigate threats using Content search in Microsoft Purview

  Investigate threats using Microsoft Purview Audit (Standard)

  Investigate threats using Microsoft Purview Audit (Premium)

4: Mitigate threats using Microsoft Defender for Endpoint

  Protect against threats with Microsoft Defender for Endpoint

  Deploy the Microsoft Defender for Endpoint environment

  Implement Windows security enhancements

  Perform device investigations

  Perform actions on a device

  Perform evidence and entities investigations

  Configure and manage automation

  Configure for alerts and detections

  Utilize Threat and Vulnerability Management

5: Mitigate threats using Microsoft Defender for Cloud

  Plan for cloud workload protections using Microsoft Defender for Cloud

  Connect Azure assets to Microsoft Defender for Cloud

  Connect non-Azure assets to Microsoft Defender for Cloud

  Manage your cloud security posture management

  Workload protections in Microsoft Defender for Cloud

  Remediate security alerts using Microsoft Defender for Cloud

6: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

  Construct KQL statements for Microsoft Sentinel

  Analyze query results using KQL

  Build multi-table statements using KQL

  Work with string data in using KQL statements

7: Configure your Microsoft Sentinel environment

  Introduction to Microsoft Sentinel

  Create and manage Microsoft Sentinel workspaces

  Query logs in Microsoft Sentinel

  Use watchlists in Microsoft Sentinel

  Utilize threat intelligence in Microsoft Sentinel

8: Connect logs to Microsoft Sentinel

  Manage content in Microsoft Sentinel

  Connect data to Microsoft Sentinel using data connectors

  Connect Microsoft services to Microsoft Sentinel

  Connect Microsoft Defender XDR to Microsoft Sentinel

  Connect Windows hosts to Microsoft Sentinel

  Connect Common Event Format logs to Microsoft Sentinel

  Connect syslog data sources to Microsoft Sentinel

  Connect threat indicators to Microsoft Sentinel

9: Create detections and perform investigations using Microsoft Sentinel

  Threat detection with Microsoft Sentinel analytics

  Automation in Microsoft Sentinel

  Threat response with Microsoft Sentinel playbooks

  Security incident management in Microsoft Sentinel

  Entity behavioral analytics in Microsoft Sentinel

  Data normalization in Microsoft Sentinel

  Query, visualize, and monitor data in Microsoft Sentinel

10: Perform threat hunting in Microsoft Sentinel

  Explain threat hunting concepts in Microsoft Sentinel

  Threat hunting with Microsoft Sentinel

  Use Search jobs in Microsoft Sentinel

  Optional – Hunt for threats using notebooks in Microsoft Sentinel

  • Knowledge of Microsoft 365

  • Knowledge of Microsoft security and compliance technologies.

  • Knowledge of information protection concepts.

  • Understanding of cloud computing concepts.

  • Intermediate knowledge of Windows 10/11

  • Knowledge of Azure services

  • Basic understanding of scripting concepts

  • Ability to use English-language materials

  • Pre-training: AZ-900, MS-900, SC-900, SC-300, SC-400

  • An ability to use English language materials

To make work more convenient and training more effective we suggest using additional screen. Lack of extra screen does not make it impossible to participate in the training, but significantly influences the convenience of work during classes

Information and requirements conerning participation in distance learning trainings is available at: https://www.altkomakademia.pl/distance-learning/#FAQ

* electronic handbook available at:

https://learn.microsoft.com/pl-pl/training/

  • access to the Altkom Akademia student portal

  • training conducted in the form of a presentation

  • trainer demonstrations

  • practical exercises (laboratories)

Training method:

  • Distance Learning formula

 

  • Training: English
  • Materials: English

The exam is on-line. You can enroll at:  https://home.pearsonvue.com/Clients/Microsoft.aspx

After the SC-200 course, you can take Microsoft certification exams:an Authorized Test Center,online being monitored by an offsite proctor. Details on the website: https://docs.microsoft.com/en-us/learn/certifications/exams/sc-200