Course description
We will deploy Azure Sentinel and the entire Azure Security Stack, services that are natively supported by Azure Sentinel. During the training we will show you what to avoid, how to work with the tool and how to integrate data sources (for example from your Powershell or Python scripts). Together we will create correlation rules, try to touch the attack detection and find out the speed of response and detection with the Azure Sentinel system, which is not only Cloud Based SIEM, but also SOAR (a tool for orchestration of remediation detection in your cloud or local environment). The advantage of the training is that the theoretical part makes up only 25% of the training and the rest are practical demonstrations and hand-on exercises in which you will learn to work with the Azure Sentinel.
Required knowledge
Basic knowledge of cyber security, knowledge of Microsoft Cloud (Office365 and Azure), knowledge of Windows Server and basic knowledge of Linux.
Target audience
The course is intended for security administrators and analysts, or security specialists who are considering the deployment of a modern SIEM system using AI/ML.
Materials
Materials in electronic form.
Objectives
The goal of the training is to get to know the Azure Sentinel and how to avoid or solve any problems associated with the deployment of the Azure Sentinel service.