SC-200: Microsoft Security Operations Analyst
Last updated 1/2023
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 5.37 GB | Duration: 12h 43m
Become a Microsoft SOC engineer today! Learn through lab exercises and practical demonstrations.
What you'll learn
Define the capabilities of Microsoft Defender for Endpoint.
Understand how to hunt threats within your network.
Explain how Microsoft Defender for Endpoint can remediate risks in your environment.
Create a Microsoft Defender for Endpoint environment
Onboard devices to be monitored by Microsoft Defender for Endpoint
Configure Microsoft Defender for Endpoint environment settings
Investigate incidents in Microsoft Defender for Endpoint
Investigate alerts in Microsoft Defender for Endpoint
Perform advanced hunting in Microsoft Defender for Endpoint
Configure alert settings in Microsoft Defender for Endpoint
Construct KQL statements
Manage indicators in Microsoft Defender for Endpoint
Describe Threat and Vulnerability Management in Microsoft Defender for Endpoint
Identify vulnerabilities on your devices with Microsoft Defender for Endpoint
Track emerging threats in Microsoft Defender for Endpoint
Requirements
Basic understanding of Microsoft 365
Intermediate understanding of Windows 10 devices
Passion to learn about Cyber security
Unlearn and learn new aspects of cloud security via Microsoft Defender
Fundamental understanding of Microsoft security, compliance, and identity products
Familiarity with Azure services, specifically Azure SQL Database and Azure Storage
Familiarity with Azure virtual machines and virtual networking
Foundational knowledge of computer networking
Basic understanding of scripting concepts.
Description
There is no shortcut to learning Azure security. This course teaches you to learn it the right way, with plenty of lab exercises in the right volume. The Microsoft Security Operations Analyst works with organizational stakeholders to secure the organization's information technology systems. Their mission is to reduce corporate risk by quickly resolving active attacks in the environment, advising on threat protection practices, and reporting policy violations to the proper stakeholders. Threat management, monitoring, and response using a variety of security technologies across their environment are among their responsibilities. Using Microsoft Azure Sentinel, Azure Defender, Microsoft 365 Defender, and third-party security tools, the position primarily investigates, responds to, and hunts for threats. The security operations analyst is a key stakeholder in the configuration and implementation of these technologies since they consume the operational output of these solutions.

The following topics need to be completed in order to achieve the SC-200 certification:
Module 1 - Mitigate threats using Microsoft 365 Defender
Module 2 - Mitigate threats using Microsoft Defender for Endpoint
Module 3 - Mitigate threats using Azure Defender
Module 4 - Create queries for Azure Sentinel using Kusto Query Language
Module 5 - Microsoft Sentinel Environment - Configuration
Module 6 - Microsoft Sentinel Environment - Connecting Logs
Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA and Monitoring
Module 8 - Perform Threat Hunting with Microsoft Sentinel

You will learn to implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.

Reviews from Participants
"In the beginning I was a little intimidated by the immensity of the Microsoft security environment, but getting along with the course it all clicked in my head. The concepts are presented at a very good pace and I like that the information is on point. Segmenting the videos in small chunks is also beneficial for time management. I really appreciate and recommend this course!" - Adrian Carbune
"Great course. I learned a lot about Defender and Sentinel. I especially liked the module on KQL. IMO, it's the best tutorial on Kusto that I've found on the web. If Anand were to create a course that went in-depth on KQL I would certainly purchase it." - Bill Jones
"Anand has structured the course well, so that anyone, irrespective of their experience in Security, would be able to follow with ease. The course aligns very well with the Certification track. I strongly recommend this course to anyone who is interested in understanding Security." - Moses M
"I am truly satisfied with this course. Anand nails the security features of the M365 Defender suite. The graphics, narration and workflows are commendable. Just labs, labs and labs. It's all about getting straight to the point. Great job!!!" - Gaurav
Overview
Section 1: Introduction
Lecture 1 The Need for SOC Team
Lecture 2 SC-200 - Microsoft Security Operations Analyst - Course Introduction
Lecture 3 SC 200 - May 2022 - Update
Lecture 4 Reviews - Thank You
Section 2: Module 1 - Mitigate threats using Microsoft 365 Defender
Lecture 5 Module 1 - Learning Objectives
Lecture 6 Introduction to Threat Protection
Lecture 7 Microsoft 365 Defender Suite
Lecture 8 Typical Timeline of An Attack
Lecture 9 Microsoft 365 Defender - Interactive Demonstration
Lecture 10 Mitigate incidents using Microsoft 365 Defender - Chapter Introduction
Lecture 11 How to Create your Playground - Lab Environment
Lecture 12 Microsoft 365 Defender portal - Introduction
Lecture 13 Managing Incidents
Lecture 14 More about incidents
Lecture 15 Simulate Incidents - Tor Browser
Lecture 16 Managing Incidents
Lecture 17 Managing Alerts
Lecture 18 Investigating Incidents - MITRE ATT&CK
Lecture 19 Advanced Hunting
Lecture 20 Advanced Hunting Schema
Lecture 21 Exploring the Kusto Queries
Lecture 22 Microsoft Threat Experts
Lecture 23 Microsoft Defender for Office 365 - Chapter Introduction
Lecture 24 Microsoft Defender for Office 365 - Key Capabilities
Lecture 25 Microsoft Defender for Office 365 - Key Capabilities - II
Lecture 26 Safeguard Your Organization- M365 Defender for O365 - Lab I
Lecture 27 Safeguard Your Organization- M365 Defender for O365 - Lab II
Lecture 28 Attack Simulation - Lab Activity
Lecture 29 Microsoft Defender for Identity - Introduction
Lecture 30 What is Microsoft Defender for Identity
Lecture 31 Microsoft Defender for Identity - Key Capabilities
Lecture 32 Installing Sensors on Domain Controller - 1
Lecture 33 Installing Sensors on Domain Controller - 2
Lecture 34 Capturing Lateral Movements
Lecture 35 Threat Hunting Lab
Lecture 36 Microsoft Defender for Identity Sensors - Architecture
Lecture 37 Protect Your Identities with Azure AD Identity Protection - Introduction
Lecture 38 User Risks & Sign-In Risks
Lecture 39 User risk policy & Sign in risk policy - Lab Activity
Lecture 40 Cloud App Security - Introduction
Lecture 41 The Cloud App Security Framework
Lecture 42 Conditional Access App Controls
Lecture 43 What is Information Protection?
Lecture 44 Insider Risk Management - Enable Auditing
Lecture 45 Phases of Cloud App security
Lecture 46 Cloud App security Phases - Lab Activity
Lecture 47 Data Loss Prevention - Chapter Intro
Lecture 48 DLP Alerts
Lecture 49 Create Policies for DLP in Compliance Portal
Lecture 50 Insider Risk Management
Lecture 51 What is Insider Risk
Lecture 52 Pain points of a Modern Workplace
Lecture 53 Insider Risk management with M365 Defender
Lecture 54 Insider Risk Management - Permissions
Lecture 55 Module 1 - Summary
Section 3: Module 2 - Mitigate threats using Microsoft Defender for Endpoint
Lecture 56 Module 2 - Introduction
Lecture 57 Defender for Endpoint - Features
Lecture 58 Defender for Endpoint - Terminology
Lecture 59 Onboarding devices to Defender
Lecture 60 Windows 10 Security Enhancements - Chapter Introduction
Lecture 61 Attack Surface Reduction Rules
Lecture 62 Attack Surface Rules
Lecture 63 Device Inventory
Lecture 64 Device Investigation -Alerts
Lecture 65 Behavioral Blocking
Lecture 66 Client Behavioral Blocking
Lecture 67 EDR- Block Mode
Lecture 68 EDR- Block Mode - Lab Activity
Lecture 69 Performing Actions on the device
Lecture 70 Live Response
Lecture 71 Perform Evidence and Entities Investigations
Lecture 72 User Investigations
Lecture 73 Advanced Automated Remediation Features - Endpoint
Lecture 74 Managing File Uploads
Lecture 75 Automation folder exclusion
Lecture 76 File Level Investigation
Lecture 77 Automating Device group remediation
Lecture 78 Blocking Risky Devices using Intune, Defender and Azure AD
Lecture 79 Configure Alerts and Detections - Chapter Introduction
Lecture 80 Configuring Advanced Features
Lecture 81 Configuring Email Notifications
Lecture 82 Indicators of Compromise
Lecture 83 Threat and Vulnerability Management - Chapter Introduction
Lecture 84 Threat and Vulnerability Management - Explanation
Lecture 85 Module 2 - Summary
Section 4: Module 3 - Mitigate threats using Microsoft Defender for Cloud
Lecture 86 Module 3 - Introduction
Lecture 87 What is Azure Security Center
Lecture 88 Microsoft Defender for cloud - Features
Lecture 89 Azure Defender for Cloud - Lab Activity
Lecture 90 CSPM and CWP
Lecture 91 What resources are protected using Microsoft Defender
Lecture 92 Benefits of Azure Defender for servers
Lecture 93 Defender for App services
Lecture 94 Defender for App services - Lab
Lecture 95 Defender for Storage - Lab
Lecture 96 Defender for SQL - LAB
Lecture 97 Defender for Keyvault
Lecture 98 Defender for DNS
Lecture 99 Defender for Kubernetes
Lecture 100 Defender for Container Registry
Lecture 101 Connect Azure assets to Azure Defender- Chapter introduction
Lecture 102 Asset Inventory - LAB
Lecture 103 Auto provisioning
Lecture 104 Stored Event types
Lecture 105 Manual Provisioning
Lecture 106 Connect non-Azure resources to Defender
Lecture 107 Onboarding Methods
Lecture 108 Onboard GCP instance to Azure ARC
Lecture 109 Onboarding AWS Services to Defender for cloud
Lecture 110 Remediating Security Alerts- Chapter Intro
Lecture 111 Changing World and Attackers
Lecture 112 What are Security alerts and notifications
Lecture 113 How does Defender work?
Lecture 114 Alert Severity Level
Lecture 115 Continuous Monitoring and Assessments
Lecture 116 MITRE ATT&CK Tactics and Alert Types
Lecture 117 Remediating Alerts
Lecture 118 Automated Responses
Lecture 119 Alert Suppression
Lecture 120 Module 3 - Summary
Section 5: Module 4 - Create Queries for Microsoft Sentinel using Kusto Query Language
Lecture 121 Module 4 - Introduction
Lecture 122 The Construct of KQL Language
Lecture 123 The Lab Environment
Lecture 124 Declaring Variables with Let
Lecture 125 Search and Where Operator
Lecture 126 Extend Operator
Lecture 127 Order By Usage
Lecture 128 Project Operator
Lecture 129 Summarize, Count and DCount Functions
Lecture 130 Arg_Max and Arg_Min Functions
Lecture 131 Make_List and Make_Set Functions
Lecture 132 Render Operator
Lecture 133 Bin Function
Lecture 134 Union Operator
Lecture 135 Module 4 Summary
Section 6: Module 5 - Microsoft Sentinel Environment - Configuration
Lecture 136 What is a SIEM Solution
Lecture 137 What is Microsoft Sentinel
Lecture 138 Microsoft Sentinel - Components
Lecture 139 Data Connectors
Lecture 140 Log Retention
Lecture 141 Workbooks
Lecture 142 Analytics Alerts
Lecture 143 Threat Hunting
Lecture 144 Incidents & Investigations
Lecture 145 Automation Playbooks
Lecture 146 Creating Azure Sentinel Workspace
Lecture 147 Azure Sentinel - RBAC
Lecture 148 Data Connectors
Lecture 149 On-Boarding Windows host to Sentinel
Lecture 150 Ingesting Events to Sentinel
Lecture 151 Sentinel Watchlist
Lecture 152 Sentinel - Creating a Watchlist for Tor Nodes
Lecture 153 Sentinel - Create Hunting Query
Lecture 154 Sentinel - Live Stream
Lecture 155 Sentinel - Capturing traffic from TOR Exit Nodes
Lecture 156 Sentinel - Create Analytical Rules
Lecture 157 Analytical Rule Type - Fusion
Lecture 158 Analytical Rule Types - Security Types
Lecture 159 Analytical Rule Types - ML based Behavioral Analytics
Lecture 160 Analytical Rule Types - Anomaly, Scheduled Alerts and NRT
Lecture 161 Creating Analytics Rules based on Template
Lecture 162 Creating Analytic Rules based on Wizard
Lecture 163 Managing the Rules
Lecture 164 Define Threat Intelligence - CTI
Lecture 165 Create TI - Lab Activity
Section 7: Module 6 - Microsoft Sentinel Environment - Connecting Logs
Lecture 166 Module 6 Introduction
Lecture 167 Connect M365 Defender to Sentinel
Lecture 168 Office 365 Log Connector
Lecture 169 Azure Activity Log Connector
Lecture 170 Azure Active Directory Identity Protection Connector
Lecture 171 Defender for Office 365 Connector
Lecture 172 Defender for Endpoint Connector
Lecture 173 Connect Threat Indicators to Microsoft Sentinel
Section 8: Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA and Monitoring
Lecture 174 Module 7 Introduction
Lecture 175 Key Concepts of Incident Management
Lecture 176 Investigations in Azure Sentinel
Lecture 177 Key Concepts of Incident Management - II
Lecture 178 Incident Management in Microsoft Sentinel - I
Lecture 179 Incident Management in Microsoft Sentinel - II
Lecture 180 Brute Force attack against Azure Portal - Simulation
Lecture 181 Threat Response with Microsoft Sentinel Playbooks - Introduction/ Use Case
Lecture 182 Step 1 - Creating Analytical Rule to look for Role Membership Changes
Lecture 183 Step 2 - Integrate Log Analytics with Azure AD Audit Logs
Lecture 184 Step 3 - Verify Log Analytics
Lecture 185 Step 4 - Incident Creation in Sentinel
Lecture 186 Step 5 - Create Logic App to Integrate with Microsoft Teams
Lecture 187 Step 6 - Edit Analytical Rule to add Logic App - Playbooks
Lecture 188 Finally! Testing the Integration
Lecture 189 UEBA - User Entity Behavior Analytics - Introduction
Lecture 190 Entity Behaviour Lab -I
Lecture 191 Entity Behaviour Lab -II
Lecture 192 Workbooks - Introduction
Lecture 193 Create Workbooks Using Template
Lecture 194 Create Workbook from scratch
Section 9: Module 8 - Perform Threat Hunting with Microsoft Sentinel
Lecture 195 Module 8 Introduction
Lecture 196 Cyber Security Threat Hunting
Lecture 197 The Need for Proactive Hunting
Lecture 198 Develop a Threat Hunting Hypothesis
Lecture 199 Threat Hunting - Recap
Lecture 200 Notebooks - Introduction
Lecture 201 Sentinel Notebooks - Lab Activity
Section 10: SC 200 - Microsoft Security Operations Analyst - Course Summary
Lecture 202 SC 200 - Microsoft Security Operations Analyst - Course Summary
Participants aspiring for SC-200 Certification
Everyone who aspires to work in a modern-age SOC environment
Anyone who wants to learn the M365 Defender suite of services