Azure Sentinel Course Overview

The Azure Sentinel course is designed to equip learners with comprehensive knowledge about Microsoft's cloud-native Security Information and Event Management (SIEM) solution, Microsoft Azure Sentinel. This course will take participants through the core aspects of Azure Sentinel, starting from data collection to threat detection, investigation, and response.

In Phase 1: Collect, learners will delve into Data ingestion, understanding Azure Analytics, and the fundamentals of Microsoft 365 Sentinel. They will compare traditional SIEMs with cloud-native solutions and learn how to visualize and query logs using the Kusto Query Language (KQL).

Phase 2: Detect focuses on identifying threats through Correlation rules and Custom detections, highlighting real-time cloud use cases and advanced Threat hunting techniques.

In Phase 3: Investigate, students will learn about Threat investigation methods and utilize graphical tools to analyze incidents.

Lastly, Phase 4: Respond introduces Security Orchestration, Automation, and Response (SOAR) concepts, where learners will create security playbooks and automate threat responses using Logic App Designer.

Overall, this course will provide learners with the skills needed to effectively use Azure Sentinel for enhancing an organization's security posture.