Implementing and Administering Azure Sentinel

English | MP4 | AVC 1280×720 | AAC 48KHz 2ch | 0h 59m | 135 MB

Azure Sentinel is a cloud-native security information and event management (SIEM) system that provides real-time analysis of security alerts generated by your cloud and on-premises resources. It applies Microsoft's built-in analytics and machine learning to detect threats, and it automates response through orchestration and built-in or custom security playbooks. In this course, Pete Zerger guides you through implementing and configuring Azure Sentinel: connecting key services and threat intelligence sources to Sentinel; investigating cases; creating security playbooks that automate the response to detected issues; and using search and query tools to hunt for threats in your environment.

Topics include:

  • Onboarding Azure Sentinel
  • Connecting Microsoft and third-party services
  • Connecting to threat intelligence resources
  • Detecting suspicious activities
  • Investigating cases
  • Responding to threats
  • Hunting for security threats in your environment
  • Building custom dashboards

Table of Contents

Introduction
1 An introduction to Azure Sentinel
2 What you should know
3 Lab requirements

Introducing Azure Sentinel
4 Sentinel feature flyover
5 Onboarding Azure Sentinel
6 Kusto query language quickstart

Connecting Data Sources
7 Connecting Microsoft services
8 Connecting external services
9 Connecting threat intelligence

Threat Detection, Investigation, and Response
10 Detecting suspicious activities
11 Investigating cases
12 Responding to threats
13 Setting up automated threat response

Advanced Threat Hunting Scenarios
14 Threat hunting basics
15 Hunting with bookmarks
16 Hunting with notebooks
17 Building custom dashboards

Conclusion
18 Next steps
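The detection, hunting and KQL topics listed above all come down to writing Kusto queries over the tables that the connected data sources populate. The query below is an added example written for this page; it is not material from the course or from Microsoft. It assumes the Azure Active Directory connector is feeding the SigninLogs table (the column names TimeGenerated, UserPrincipalName, IPAddress, ResultType and AppDisplayName are the standard ones in that table, where ResultType "0" is a successful sign-in), and the lookback window, failure threshold and one-hour success window are illustrative values to tune for your tenant. It flags a password-spray or brute-force pattern: many failed sign-ins from one IP address followed by a successful sign-in from the same address.

```kusto
// Added example (not from the course): failed sign-ins from one IP address
// followed by a success from the same address within one hour.
// Assumes the Azure AD connector populates SigninLogs; thresholds are illustrative.
let lookback = 1d;        // how far back to search
let threshold = 10;       // failures from one IP needed to count as an attack
let failures = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                       // anything other than success
    | summarize FailureCount = count(),
                FirstFailure = min(TimeGenerated),
                LastFailure = max(TimeGenerated),
                TargetAccounts = make_set(UserPrincipalName, 50)
            by IPAddress
    | where FailureCount >= threshold;
let successes = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | project SuccessTime = TimeGenerated, IPAddress,
              SuccessAccount = UserPrincipalName, AppDisplayName;
failures
| join kind=inner successes on IPAddress
// only keep successes that happened during or shortly after the failure burst
| where SuccessTime between (FirstFailure .. (LastFailure + 1h))
| project IPAddress, FailureCount, TargetAccounts,
          SuccessAccount, SuccessTime, AppDisplayName
| order by FailureCount desc
```

Run it first from the Logs blade to check the noise level against your own sign-in volume; once the threshold is tuned, the same query can be saved as a scheduled analytics rule so that matches create incidents, and the resulting IPAddress and SuccessAccount values are what a playbook would act on (for example, forcing a password reset or blocking the address). The join is against SigninLogs only, so the query misses attacks that spray across several source addresses; that is a limitation of this example rather than of the approach.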