This course offers a comprehensive exploration of Azure Sentinel, Microsoft's cloud-native Security Information and Event Management (SIEM) solution.
Designed for cybersecurity professionals, it covers Azure Sentinel’s architecture, advanced features, and integration capabilities. Participants will learn to connect various data sources using built-in and custom data connectors, master Kusto Query Language (KQL) for log analysis, and implement analytics rules, including Near Real-Time (NRT) and machine learning-based rules, to detect and respond to security incidents effectively.
In addition, the course delves into the ingestion of cyber threat intelligence through TAXII and PulseDrive, streamlining threat detection and response. It also covers automation rules for efficient incident management and the use of watchlists to enhance threat detection capabilities.
Through hands-on labs and real-world use cases, participants will gain practical experience in deploying and managing Azure Sentinel, equipping them with the skills needed to strengthen their organization's security operations.
Log Analytics workspace
Azure Sentinel Linux VM Logs
Azure Sentinel CTI with TAXII
Azure Sentinel Threat Response Automation Rules
Azure Sentinel Watchlists