Grab the Learning Bonanza with up to 50% OFF on Combo Courses + Buy 1 Get 4* FREE on All Courses*
Grab the Learning Bonanza with up to 50% OFF on Combo Courses + Buy 1 Get 4* FREE on All Courses*
D H M S

All Self Learning > SC-200 : Microsoft Security Operations Analyst Self Learning Course

SC-200 : Microsoft Security Operations Analyst Self Learning Course 13 hours on-demand video | 200 lectures | HD 1080

Learn Necessary Skills to Become a Security Operations Analyst

121 Students Enrolled
Watch Preview

Benefits of Self-paced Learning

Flexible learning time and place
Revisit any concept at any given time
Learn from the industry experts over the world
Get course completion certificate
$ 12 $ 99   88 % off
Start Learning
  • 200 lectures in HD 1080
  • 13 hours on-demand video
  • Access on mobile and TV
  • Certificate of completion

Course Description

Security is an essential aspect of any domain, but it is sometimes disregarded. So the demand for Microsoft  SOC Engineer is increasing. The Microsoft Security Operations Analyst collaborates with other organizations to safeguard the information technology system. This course will assist you in learning threat management, monitoring, and response using Microsoft Sentinel and Microsoft Defender.

What you'll learn

  • Learn how to detect threats to your system
  • Define the capabilities of Microsoft Defender for Endpoint
  • Explain how Microsoft Defender for Endpoint can remediate risks in your environment
  • Perform advanced hunting in Microsoft Defender for Endpoint
  • Manage indicators in Microsoft Defender for Endpoint
  • Configure alert settings in Microsoft Defender for Endpoint
  • Identify vulnerabilities on your devices with Microsoft Defender for Endpoint

Target Audience

  • Participants who want to get their SC-200 certification
  • Anyone who wants to work in a SOC workplace
  • Anyone who wishes to learn about the M365 Defense Suite of services

Pre-requisites

  • Basic understanding of Microsoft 365
  • Basic knowledge of Windows 10 devices
  • Basic computer networking knowledge
  • Familiarity with Azure services, specifically Azure SQL Database, Azure Storage, and Azure virtual machines and virtual networking
  • Basic knowledge of Microsoft security, compliance, and identity products

Course content

200 lectures • 13 hours total length

Introduction
  • The Need for SOC
  • SC 200 Course Introduction
Module 1 – Mitigate threats using Microsoft 365 Defender
  • Module 1 – Learning Objectives
  • Introduction to Threat Protection
  • Microsoft 365 Defender suite
  • Typical Timeline of An Attack
  • Microsoft 365 Defender – Interactive Demonstration
  • Mitigate incidents using Microsoft 365 Defender – Chapter Introduction
  • How to Create your Playground – Lab Environment
  • Microsoft 365 Defender portal – Introduction
  • Managing Incidents
  • More about incidents
  • Simulate Incidents – Tor Browser
  • Managing Incidents
  • Managing Alerts
  • Investigating Incidents – MITRE ATT-A-CK
  • Advance Hunting
  • Advance Hunting Schema
  • Exploring the Kusto Queries
  • Microsoft Threat Experts
  • Microsoft Defender for Office 365 – Chapter Introduction
  • Microsoft Defender for Office 365 – Key Capabilities – I
  • Microsoft Defender for Office 365 – Key Capabilities – II
  • Safeguard Your Organization- M365 Defender for O365 – Lab I
  • Safeguard Your Organization- M365 Defender for O365 – Lab II
  • Attack Simulation – Lab Activity
  • Microsoft Defender for Identity – Introduction
  • What is Microsoft Defender for Identity
  • Microsoft Defender for Identity – Key Capabilities
  • Installing Sensors on Domain Controller – 1
  • Installing Sensors on Domain Controller – 2
  • Capturing Lateral Movements
  • Threat Hunting Lab
  • Microsoft Defender for Identity Sensors – Architecture
  • Protect Your Identities with Azure AD Identity Protection – Introduction
  • User Risk – Sign-in Risk
  • User risk policy – Sign in risk policy – Lab Activity
  • Cloud App Security – Introduction
  • The Cloud App Security Framework
  • conditional Access App Controls
  • What is Information Protection
  • Insider Risk Management – Enable Auditing
  • Phases of Cloud App security
  • Data Loss Prevention – Chapter Intro
  • DLP Alerts
  • Create Policies for DLP in Compliance Portal
  • What is Insider Risk
  • Pain points of a Modern Workplace
  • Insider Risk management with M365 Defender
  • Insider Risk Management – Permissions
  • Module 1 Summary
  • Onboarding devices to Defender
  • Cloud App security Phases – Lab Activity
Module 2 – Mitigate threats using Microsoft Defender for Endpoint
  • Module 2 Introduction
  • Defender for Endpoint – Features
  • Defender for Endpoint – Terminology
  • Onboarding devices to Defender
  • Windows 10 Security Enhancements – Chapter Introduction
  • Attack Surface Reduction Rules
  • Attack Surface Rules
  • Device Inventory
  • Device Investigation -Alerts
  • Behavioural Blocking
  • Client Behavioural Blocking
  • EDR- Block Mode
  • EDR- Block Mode – Lab Activity
  • Performing Actions on the device
  • Live Response
  • Perform Evidence and Entities Investigations
  • File Level Investigation
  • User Investigation
  • Advance Automated Remediation Features – Endpoint
  • Managing fileuploads
  • Automation folder exclusion
  • Automating Device group remediation
  • Blocking Risky Devices using Intune, Defender and Azure AD
  • Configure Alerts and Detections – Chapter Introduction
  • Configuring Advance features
  • Configuring Email Notifications
  • Indicators of Compromise
  • Threat and Vulnerability Management – Chapter Introduction
  • Threat and Vulnerability Management – Explanation
  • Module 2 Summary
Module 3 – Mitigate threats using Microsoft Defender for Cloud
  • Module 3 – Introduction
  • What is Azure Security Center
  • Microsoft Defender for cloud – Features
  • Azure Defender for Cloud – Lab Activity
  • CSPM and CWP
  • What resources are protected using Microsoft Defender
  • Benefits of Azure Defender for servers
  • Defender for App services
  • Defender for App services – lab
  • Defender for Storage – Lab tscproj
  • Defender for SQL – LAB
  • Defender for Keyvault
  • Defender for DNS
  • Defender for kubernetes
  • Defender for Container Registry
  • Connect Azure assets to Azure Defender- Chapter introduction
  • Asset Inventory – Lab
  • Auto provisioning
  • Stored Event types
  • Manual Provisioning
  • Connect non-Azure resources to Defender
  • Onboarding Methods
  • Onboard GCP instance to Azure ARC
  • Onboarding AWS Services to Defender for cloud
  • Remediating Security Alerts- Chapter intro
  • Changing world and attackers
  • What are Security alerts and notifications
  • How does defender work
  • Alert Severity Level
  • Continuous Monitoring and assessments
  • Mitre Attack tactics and alert types
  • Remediating Alerts
  • Automated Responses
  • Alert Suppression
Module 4 – Create Queries for Microsoft Sentinel using Kusto Query Language
  • Module 4 introduction
  • The construct of KQL Language
  • The Lab Environment
  • Declaring variables with let
  • Search and where operator
  • Extend Operator
  • Order By
  • The Project Operator
  • Summarize, Count and Dcount Functions
  • Arg_Max and Arg_Min Functions
  • Make_List and Make_Set Functions
  • Render Operator
  • Bin Function
  • Union Operator
Module 5 – Microsoft Sentinel Environment – Configuration
  • What is a SIEM Solution
  • What is Microsoft Sentinel
  • Microsoft Sentinel – Components
  • Data Connectors
  • Log Retention
  • Workbooks
  • Analytics Alerts
  • Threat Hunting
  • Incidents Investigations
  • Automation Playbooks
  • Creating Azure Sentinel Workspace
  • Azure Sentinel – RBAC
  • Data Connectors
  • On boarding Windows host to Sentinel
  • Ingesting Events to Sentinel
  • Sentinel – Watchlists
  • Sentinel – Creating a watchlist for Tor Nodes
  • Sentinel – Create Hunting Query
  • Sentinel – Live Stream
  • Sentinel – Capturing traffic from TOR Exit Nodes
  • Sentinel – Create Analytical Rules
  • Analytical Rule Type – Fusion
  • Analytical Rule Types – Security Types
  • Analytical Ryle Types – Anomaly, Scheduled Alerts and NRT
  • Creating Anayltics Rules based on Template
  • Creating Analytic Rules based on Wizard
  • Managing the Rules
  • Define Threat Intelligence
Module 6 – Microsoft Sentinel Environment – Connecting Logs
  • Module 6 Introduction
  • Connect M365 Defender to Sentinel
  • Office 365 Log Connector
  • Azure Activity Log Connector
  • Azure Active Directory Identity Protection Connection
  • Defender for Office 365 Connector
  • Defender for Endpoint Connector
  • Connect Threat Indicators to Microsoft Sentinel
Module 7 – Microsoft Sentinel Environment – Incidents,Threat Response , UEBA and Monitoring
  • Module 7 Introduction
  • Key Concepts of Incident Management
  • Key Concepts of Incident Management – II
  • Incident Management in Microsoft Sentinel – I
  • Incident Management in Microsoft Sentinel – II
  • Brute Force attack against Azure Portal – Simulation
  • Investigations in Azure Sentinel
  • Threat Response with Microsoft Sentinel Playbooks – Introduction
  • Step 1 – Creating Analytical Rule to look for Role membership Changes
  • Step 2 – Integrate Log Analytics with Azure AD Audit Logs
  • Step 3 – Verify Log Analytics
  • Step 4 – Incident Creation in Sentinel
  • Create a Logic app to integrate with Microsoft teams
  • Step 6 Edit Analytical rule to add Logic app Playbook
  • Testing the integration
  • UEBA – Introduction
  • Entity Behaviour Lab -I
  • Entity Behaviour Lab -II
  • Workbooks – Introduction
  • Create Workbooks Using Template
  • Create Workbook from scratch
Module 8 Perform Threat Hunting with Microsoft Sentinel
  • Module 8 Introduction
  • Cyber Security Threat Hunting
  • The need for Proactive Hunting
  • Develop a Threat Hunting hypothesis
  • Threat Hunting – Recap
  • Notebooks- Introduction
  • Sentinel Notebooks – Lab Activity
$ 12 $ 99   88 % off
Start Learning
  • 200 lectures in HD 1080
  • 13 hours on-demand video
  • Access on mobile and TV
  • Certificate of completion

Instructor

Frequently Asked Questions

How long will I get access to the course?
Once you purchase the course, you can access for 365days
Can I download the videos?
No, you cannot download the videos
How Self-paced Learning Work?
  • Step 1: Enroll into the Course
  • Step 2: Receive the LMS credentials in your registered email ID
  • Step 3: After course completion, Fill the feedback form
  • Step 4: You will receive your Self-paced Learning course completion certification within 3-4 days
How can I resolve any queries?
Our sales executives will help you resolve your queries. You can connect them at our numbers:
Call: IND: 1800-843-7890 / US: +1 657-722-11127 / UK : +44 7451 208413 / UAE: +971 564 23 6252
or send an email at sales@infosectrain.com
Who should opt for a self-paced course?
Self-paced courses are available to anyone who wants to learn but is unable to enrol in an instructor-led course. A self-paced course is an option if you prefer to learn at your own leisure.
Can I opt for an instructor-led course after purchasing a self-paced course?
Yes, you can connect with our sales executive to get details on the latest batch.
What is the number of questions on the SC-200 exam?
The total number of questions on the CS-200 exam is 40.
Can I retake the exam if I fail?
Yes, you can retake the exam if you fail. You must have to wait for 24 hours for the first time.
How to cancel or postpone your exam?

The certification dashboard allows you to reschedule or cancel your booked exam appointment.

  • Login to the certification dashboard
  • In the appointment section, find the appointment which you want to reschedule or cancel
  • Select the cancel or reschedule
  • You will be transferred to the exam delivery provider’s website to cancel or reschedule your exam.
What is the time duration for the SC-200 exam?
The time duration for the CS-200 exam is 130 minutes.
When and how will I receive the SC-200 exam results?
Once you have completed the exam and met all of the certification requirements, you will receive an email with your results.

Related Courses

  • SC-300: Microsoft Identity & Access Administrator Self Learning Course

    12 99   88% off
    • 245 lectures in HD 1080
    • 13 hours on-demand video
    • Access on mobile and TV
    • Certificate of completion
    View Details
  • SC-900 : Microsoft Security,Compliance & Identity Fundamentals Self Learning

    12 99   88% off
    • 151 lectures in HD 1080
    • 7.5 hours on-demand video
    • Access on mobile and TV
    • Certificate of completion
    View Details
  • Ansible Automation Self Learning with Example & Practical Lessons

    12 99   88% off
    • 29 hours on-demand video
    • Access on mobile and TV
    • Certificate of completion
    View Details
  • Industrial espionage-HUMINT-SIGINT-OPSINT-OSINT Self Learning

    12 99   88% off
    • 2.5 hours on-demand video
    • Access on mobile and TV
    • Certificate of completion
    View Details
TOP
whatsapp