Configure SIEM security operations using Microsoft Sentinel is a Microsoft Learn-based course for security engineers and SOC analysts who implement and operate Microsoft Sentinel. Students learn to connect data sources, create analytics rules, investigate incidents, build automation playbooks using Logic Apps, and tune Sentinel for effective threat detection across Microsoft and hybrid environments.
What You Will Learn
- Deploy Microsoft Sentinel and connect data connectors for Microsoft 365, Azure, and third-party sources
- Create and manage analytics rules using KQL to detect security threats and anomalies
- Investigate incidents using Sentinel’s incident management interface and investigation graph
- Build automation playbooks using Azure Logic Apps to automate alert triage and response
- Use Microsoft Sentinel Workbooks and hunting queries for proactive threat hunting
Who Should Attend
Security engineers, SOC analysts, and Microsoft security administrators responsible for configuring and operating Microsoft Sentinel in an enterprise environment.
Prerequisites
Familiarity with Microsoft Azure, Microsoft 365 security services, and security operations fundamentals. Basic KQL knowledge is helpful.





