The Azure Sentinel Ninja training is not static; it is updated continuously. If you want to refresh your knowledge and catch up, here is the list of updates:
Module 2: How is Azure Sentinel used?
- Side by side use: We are working hard to enhance our support for side by side deployment alongside a 3rd party SIEM or a ticketing system. "Sending alerts enriched with supporting events from Azure Sentinel to 3rd party SIEMs" will significantly enhance your side by side integration.
- MSSPs: a new blog post covers Protecting MSSP's Intellectual Property in Azure Sentinel
- We also started collecting customer stories in this section. You might find the blog post by Stuart Gregg, Security Operations Manager @ ASOS, useful: it draws on his experience with Azure Sentinel and focuses on hunting.
Module 3: Cloud architecture and multi-workspace/tenant support
- We finally documented our cross workspace capabilities: Extend Azure Sentinel across workspaces and tenants
- A new blog post goes into depth regarding resource RBAC, which enables multiple teams to use a single workspace.
Module 6: Threat Intelligence
Connect ThreatConnect TIP with Azure Sentinel
Module 7: KQL
The Azure Sentinel KQL Lab - an interactive lab teaching KQL, focusing on what you need for Azure Sentinel: YouTube, MP4, Slides, Lab URL
Module 8: Write rules
Approximate, partial and combined lookups
Module 11: Use cases
Use cases focus: working from home.
- Zoom
- Windows Virtual Desktop
- Microsoft Endpoint Manager / Intune
- Integrate the Microsoft COVID-19 threat feed
Module 13: Hunting
Threat Hunting - AWS using Sentinel (MP4, YouTube, Presentation).
Module 14: Extending and integrating Azure Sentinel
Using the Sentinel API to view data in a Workbook
Module 15: Roadmap
We have a new exciting roadmap! Since roadmap information is provided under NDA, reach out to your Microsoft account team to discuss an Azure Sentinel roadmap presentation.
Updated Jun 18, 2020
Version 1.0
Ofer_Shezaf
Microsoft
Microsoft Sentinel Blog