This training program includes 16 modules. For each module, the post includes a presentation, preferably recorded (where a recording is not yet available, we are working on it), as well as supporting information: relevant product documentation, blog posts, and other resources.
The modules listed below are split into five groups following the life cycle of a SOC:
Overview
- Module 1: Technical overview
- Module 2: Azure Sentinel role
Designing Your Deployment
- Module 3: Cloud architecture and multi-workspace/tenant support
- Module 4: Collecting events
- Module 5: Log Management
- Module 6: Integrating threat intelligence
Creating Content
- Module 7: Kusto Query Language (KQL) - the starting point
- Module 8: Writing rules to implement detection
- Module 9: Creating playbooks to implement SOAR
- Module 10: Creating workbooks to implement dashboards and apps
- Module 11: Implementing use cases
Security Operations
- Module 12: A day in a SOC analyst's life, incident management, and investigation
- Module 13: Hunting
Advanced Topics
- Module 14: Automating and integrating
- Module 15: Roadmap - since it requires an NDA, contact your Microsoft contact for details.
- Module 16: Where to go next?
https://techcommunity.microsoft.com/t5/azure-sentinel/become-an-azure-sentinel-ninja-the-complete...