MSEC-2 - MOC SC-200T00 - MICROSOFT SECURITY OPERATIONS ANALYST

COURSE INFORMATION

Duration: 4 days
Category: MS Security
Instructor qualification: Microsoft Certified Trainer
Intended for: IT professional
Vendor: Microsoft

SCHEDULED COURSE

Location: PCSNET Roma
Price: €1,750 + VAT

  • Start: 03 Oct 22, End: 06 Oct 22, Price: €1,750

Location: PCSNET Milano
Price: €1,750 + VAT

  • Start: 03 Oct 22, End: 06 Oct 22, Price: €1,750

Location: PCSNET Nord Est
Price: €1,750 + VAT

This course currently has no scheduled dates and can be delivered as a dedicated course.

Location: PCSNET Torino
Price: €1,750 + VAT

  • Start: 03 Oct 22, End: 06 Oct 22, Price: €1,750

Location: PCSNET Emilia Romagna
Price: €1,750 + VAT

  • Start: 03 Oct 22, End: 06 Oct 22, Price: €1,750

Location: PCSNET Toscana
Price: €1,750 + VAT

  • Start: 27 Sep 22, End: 30 Sep 22, Price: €1,750
  • Start: 02 Jan 23, End: 05 Jan 23, Price: €1,750
  • Start: 07 Mar 23, End: 10 Mar 23, Price: €1,750
  • Start: 02 May 23, End: 05 May 23, Price: €1,750
  • Start: 04 Jul 23, End: 07 Jul 23, Price: €1,750
  • Start: 05 Sep 23, End: 08 Sep 23, Price: €1,750
  • Start: 06 Nov 23, End: 09 Nov 23, Price: €1,750

Location: PCSNET Marche
Price: €1,750 + VAT

This course currently has no scheduled dates and can be delivered as a dedicated course.

Location: PCSNET Napoli
Price: €1,750 + VAT

This course currently has no scheduled dates and can be delivered as a dedicated course.

Location: PCSNET Puglia
Price: €1,750 + VAT

This course currently has no scheduled dates and can be delivered as a dedicated course.

Location: PCSNET Sicilia
Price: €1,750 + VAT

This course currently has no scheduled dates and can be delivered as a dedicated course.


OBJECTIVES

After completing this course, students will be able to:

  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment
  • Administer a Microsoft Defender for Endpoint environment
  • Configure Attack Surface Reduction rules on Windows devices
  • Perform actions on a device using Microsoft Defender for Endpoint
  • Investigate domains and IP addresses in Microsoft Defender for Endpoint
  • Investigate user accounts in Microsoft Defender for Endpoint
  • Configure alert settings in Microsoft 365 Defender
  • Conduct hunting in Microsoft 365 Defender
  • Manage incidents in Microsoft 365 Defender
  • Explain how Microsoft Defender for Identity can remediate risks in your environment
  • Investigate DLP alerts in Microsoft Defender for Cloud Apps
  • Explain the types of actions you can take on an insider risk management case
  • Configure auto-provisioning in Microsoft Defender for Cloud Apps
  • Remediate alerts in Microsoft Defender for Cloud Apps
  • Construct KQL statements
  • Filter searches based on event time, severity, domain, and other relevant data using KQL
  • Extract data from unstructured string fields using KQL
  • Manage a Microsoft Sentinel workspace
  • Use KQL to access the watchlist in Microsoft Sentinel
  • Manage threat indicators in Microsoft Sentinel
  • Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel
  • Connect Azure Windows Virtual Machines to Microsoft Sentinel
  • Configure Log Analytics agent to collect Sysmon events
  • Create new analytics rules and queries using the analytics rule wizard
  • Create a playbook to automate an incident response
  • Use queries to hunt for threats
  • Observe threats over time with livestream

PREREQUISITES

  • Basic understanding of Microsoft 365
  • Fundamental understanding of Microsoft security, compliance, and identity products
  • Intermediate understanding of Microsoft Windows
  • Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
  • Familiarity with Azure virtual machines and virtual networking
  • Basic understanding of scripting concepts.

CONTENTS:

Module 1: Mitigate threats using Microsoft 365 Defender

  • Introduction to Microsoft 365 threat protection
  • Mitigate incidents using Microsoft 365 Defender
  • Protect your identities with Azure AD Identity Protection
  • Remediate risks with Microsoft Defender for Office 365
  • Safeguard your environment with Microsoft Defender for Identity
  • Secure your cloud apps and services with Microsoft Defender for Cloud Apps
  • Respond to data loss prevention alerts using Microsoft 365
  • Manage insider risk in Microsoft 365

 

Lab : Mitigate threats using Microsoft 365 Defender

  • Explore Microsoft 365 Defender

 

Module 2: Mitigate threats using Microsoft Defender for Endpoint

  • Protect against threats with Microsoft Defender for Endpoint
  • Deploy the Microsoft Defender for Endpoint environment
  • Implement Windows security enhancements with Microsoft Defender for Endpoint
  • Perform device investigations in Microsoft Defender for Endpoint
  • Perform actions on a device using Microsoft Defender for Endpoint
  • Perform evidence and entities investigations using Microsoft Defender for Endpoint
  • Configure and manage automation using Microsoft Defender for Endpoint
  • Configure for alerts and detections in Microsoft Defender for Endpoint
  • Utilize Vulnerability Management in Microsoft Defender for Endpoint

 

Lab : Deploy Microsoft Defender for Endpoint

  • Initialize Microsoft Defender for Endpoint
  • Onboard a Device
  • Configure Roles
  • Configure Device Groups

 

Lab : Mitigate Attacks with Microsoft Defender for Endpoint

  • Simulated Attacks

 

Module 3: Mitigate threats using Microsoft Defender for Cloud

  • Plan for cloud workload protections using Microsoft Defender for Cloud
  • Connect Azure assets to Microsoft Defender for Cloud
  • Connect non-Azure resources to Microsoft Defender for Cloud
  • Manage your cloud security posture management
  • Explain cloud workload protections in Microsoft Defender for Cloud
  • Remediate security alerts using Microsoft Defender for Cloud

 

Lab : Mitigate threats using Microsoft Defender for Cloud

  • Enable Microsoft Defender for Cloud
  • Mitigate Attacks with Microsoft Defender for Cloud

 

Module 4: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

  • Construct KQL statements for Microsoft Sentinel
  • Analyze query results using KQL
  • Build multi-table statements using KQL
  • Work with data in Microsoft Sentinel using Kusto Query Language

 

Lab : Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

  • Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

 

Module 5: Configure your Microsoft Sentinel environment

  • Introduction to Microsoft Sentinel
  • Create and manage Microsoft Sentinel workspaces
  • Query logs in Microsoft Sentinel
  • Use watchlists in Microsoft Sentinel
  • Utilize threat intelligence in Microsoft Sentinel

 

Lab : Configure your Microsoft Sentinel environment

  • Configure your Microsoft Sentinel environment

 

Module 6: Connect logs to Microsoft Sentinel

  • Connect data to Microsoft Sentinel using data connectors
  • Connect Microsoft services to Microsoft Sentinel
  • Connect Microsoft 365 Defender to Microsoft Sentinel
  • Connect Windows hosts to Microsoft Sentinel
  • Connect Common Event Format logs to Microsoft Sentinel
  • Connect syslog data sources to Microsoft Sentinel
  • Connect threat indicators to Microsoft Sentinel

 

Lab : Connect logs to Microsoft Sentinel

  • Connect data to Microsoft Sentinel using data connectors
  • Connect Windows devices to Microsoft Sentinel using data connectors
  • Connect Linux hosts to Microsoft Sentinel using data connectors
  • Connect Threat intelligence to Microsoft Sentinel using data connectors

 

Module 7: Create detections and perform investigations using Microsoft Sentinel

  • Threat detection with Microsoft Sentinel analytics
  • Automation in Microsoft Sentinel
  • Threat response with Microsoft Sentinel playbooks
  • Security incident management in Microsoft Sentinel
  • Identify threats with Entity behavior analytics in Microsoft Sentinel
  • Data normalization in Microsoft Sentinel
  • Query, visualize, and monitor data in Microsoft Sentinel
  • Manage content in Microsoft Sentinel

 

Lab : Create detections and perform investigations using Microsoft Sentinel

  • Modify a Microsoft Security rule
  • Create a Playbook
  • Create a Scheduled Query
  • Understand Detection Modeling
  • Conduct attacks
  • Create detections
  • Investigate incidents
  • Create workbooks

 

Module 8: Perform threat hunting in Microsoft Sentinel

  • Explain threat hunting concepts in Microsoft Sentinel
  • Threat hunting with Microsoft Sentinel
  • Use Search jobs in Microsoft Sentinel
  • Hunt for threats using notebooks in Microsoft Sentinel

 

Lab : Threat hunting in Microsoft Sentinel

  • Perform threat hunting in Microsoft Sentinel
  • Threat hunting using notebooks with Microsoft Sentinel

INFO

  • Exam: SC-200 - Microsoft Security Operations Analyst
  • Course materials: Official Microsoft course materials in digital format
  • Course materials cost: €260, included in the price of the scheduled course
  • Course type: Hands-on (labs on PC included)
