    Sc-200: Microsoft Security Operations Analyst

    Posted By: ELK1nG
    Last updated 1/2023
    MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
    Language: English | Size: 5.37 GB | Duration: 12h 43m

    Become a Microsoft SOC engineer today! Learn through lab exercises and practical demonstrations.

    What you'll learn

    Define the capabilities of Microsoft Defender for Endpoint.

    Understand how to hunt threats within your network.

    Explain how Microsoft Defender for Endpoint can remediate risks in your environment.

    Create a Microsoft Defender for Endpoint environment

    Onboard devices to be monitored by Microsoft Defender for Endpoint

    Configure Microsoft Defender for Endpoint environment settings

    Investigate incidents in Microsoft Defender for Endpoint

    Investigate alerts in Microsoft Defender for Endpoint

    Perform advanced hunting in Microsoft Defender for Endpoint

    Configure alert settings in Microsoft Defender for Endpoint

    Construct KQL statements

    Manage indicators in Microsoft Defender for Endpoint

    Describe Threat and Vulnerability Management in Microsoft Defender for Endpoint

    Identify vulnerabilities on your devices with Microsoft Defender for Endpoint

    Track emerging threats in Microsoft Defender for Endpoint

    Requirements

    Basic understanding of Microsoft 365

    Intermediate understanding of Windows 10 devices

    Passion to learn about cyber security

    Willingness to unlearn old habits and learn new aspects of cloud security via Microsoft Defender

    Fundamental understanding of Microsoft security, compliance, and identity products

    Familiarity with Azure services, specifically Azure SQL Database and Azure Storage

    Familiarity with Azure virtual machines and virtual networking

    Foundational knowledge of computer networking

    Basic understanding of scripting concepts.

    Description

    There is no shortcut to learning Azure security. This course teaches you to learn it the right way, with a large number of lab exercises. The Microsoft Security Operations Analyst works with organizational stakeholders to secure the organization's information technology systems. Their mission is to reduce corporate risk by quickly resolving active attacks in the environment, advising on threat protection practices, and reporting policy violations to the proper stakeholders. Threat management, monitoring, and response using a variety of security technologies across the environment are among their responsibilities. Using Microsoft Sentinel (formerly Azure Sentinel), Azure Defender (now Microsoft Defender for Cloud), Microsoft 365 Defender, and third-party security tools, the role primarily investigates, responds to, and hunts for threats. The security operations analyst is a key stakeholder in the configuration and implementation of these technologies, since they consume the operational output of these solutions.

    The following modules need to be completed in order to prepare for the SC-200 certification:

    Module 1 - Mitigate threats using Microsoft 365 Defender
    Module 2 - Mitigate threats using Microsoft Defender for Endpoint
    Module 3 - Mitigate threats using Azure Defender (Microsoft Defender for Cloud)
    Module 4 - Create queries for Microsoft Sentinel using Kusto Query Language
    Module 5 - Microsoft Sentinel Environment - Configuration
    Module 6 - Microsoft Sentinel Environment - Connecting Logs
    Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA and Monitoring
    Module 8 - Perform Threat Hunting with Microsoft Sentinel

    You will learn to implement the Microsoft Defender for Endpoint platform to detect, investigate, and respond to advanced threats. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.

    Reviews from participants:

    "In the beginning I was a little intimidated by the immensity of the Microsoft security environment, but getting along with the course it all clicked in my head. The concepts are presented at a very good pace and I like that the information is on point. Segmenting the videos in small chunks is also beneficial for time management. I really appreciate and recommend this course!" - Adrian Carbune

    "Great course. I learned a lot about Defender and Sentinel. I especially liked the module on KQL. IMO, it's the best tutorial on Kusto that I've found on the web. If Anand were to create a course that went in-depth on KQL I would certainly purchase it." - Bill Jones

    "Anand has structured the course well, so that anyone, irrespective of their experience in Security, would be able to follow with ease. The course aligns very well with the Certification track. I strongly recommend this course to anyone who is interested in understanding Security." - Moses M

    "I am truly satisfied with this course. Anand nails the security features of the M365 Defender suite. The graphics, narration and workflows are commendable. Just labs, labs and labs. It's all about getting straight to the point. Great job!!!" - Gaurav

    Overview

    Section 1: Introduction

    Lecture 1 The Need for a SOC Team

    Lecture 2 SC-200 - Microsoft Security Operations Analyst - Course Introduction

    Lecture 3 SC 200 - May 2022 - Update

    Lecture 4 Reviews - Thank You

    Section 2: Module 1 - Mitigate threats using Microsoft 365 Defender

    Lecture 5 Module 1 - Learning Objectives

    Lecture 6 Introduction to Threat Protection

    Lecture 7 Microsoft 365 Defender Suite

    Lecture 8 Typical Timeline of An Attack

    Lecture 9 Microsoft 365 Defender - Interactive Demonstration

    Lecture 10 Mitigate incidents using Microsoft 365 Defender - Chapter Introduction

    Lecture 11 How to Create your Playground - Lab Environment

    Lecture 12 Microsoft 365 Defender portal - Introduction

    Lecture 13 Managing Incidents

    Lecture 14 More about incidents

    Lecture 15 Simulate Incidents - Tor Browser

    Lecture 16 Managing Incidents

    Lecture 17 Managing Alerts

    Lecture 18 Investigating Incidents - MITRE ATT&CK

    Lecture 19 Advanced Hunting

    Lecture 20 Advanced Hunting Schema

    Lecture 21 Exploring the Kusto Queries

    Lecture 22 Microsoft Threat Experts

    Lecture 23 Microsoft Defender for Office 365 - Chapter Introduction

    Lecture 24 Microsoft Defender for Office 365 - Key Capabilities

    Lecture 25 Microsoft Defender for Office 365 - Key Capabilities - II

    Lecture 26 Safeguard Your Organization- M365 Defender for O365 - Lab I

    Lecture 27 Safeguard Your Organization- M365 Defender for O365 - Lab II

    Lecture 28 Attack Simulation - Lab Activity

    Lecture 29 Microsoft Defender for Identity - Introduction

    Lecture 30 What is Microsoft Defender for Identity

    Lecture 31 Microsoft Defender for Identity - Key Capabilities

    Lecture 32 Installing Sensors on Domain Controller - 1

    Lecture 33 Installing Sensors on Domain Controller - 2

    Lecture 34 Capturing Lateral Movements

    Lecture 35 Threat Hunting Lab

    Lecture 36 Microsoft Defender for Identity Sensors - Architecture

    Lecture 37 Protect Your Identities with Azure AD Identity Protection - Introduction

    Lecture 38 User Risks & Sign-In Risks

    Lecture 39 User risk policy & Sign in risk policy - Lab Activity

    Lecture 40 Cloud App Security - Introduction

    Lecture 41 The Cloud App Security Framework

    Lecture 42 Conditional Access App Controls

    Lecture 43 What is Information Protection?

    Lecture 44 Insider Risk Management - Enable Auditing

    Lecture 45 Phases of Cloud App security

    Lecture 46 Cloud App security Phases - Lab Activity

    Lecture 47 Data Loss Prevention - Chapter Intro

    Lecture 48 DLP Alerts

    Lecture 49 Create Policies for DLP in Compliance Portal

    Lecture 50 Insider Risk Management

    Lecture 51 What is Insider Risk

    Lecture 52 Pain points of a Modern Workplace

    Lecture 53 Insider Risk management with M365 Defender

    Lecture 54 Insider Risk Management - Permissions

    Lecture 55 Module 1 - Summary

    Section 3: Module 2 - Mitigate threats using Microsoft Defender for Endpoint

    Lecture 56 Module 2 - Introduction

    Lecture 57 Defender for Endpoint - Features

    Lecture 58 Defender for Endpoint - Terminology

    Lecture 59 Onboarding devices to Defender

    Lecture 60 Windows 10 Security Enhancements - Chapter Introduction

    Lecture 61 Attack Surface Reduction Rules

    Lecture 62 Attack Surface Rules

    Lecture 63 Device Inventory

    Lecture 64 Device Investigation -Alerts

    Lecture 65 Behavioral Blocking

    Lecture 66 Client Behavioral Blocking

    Lecture 67 EDR- Block Mode

    Lecture 68 EDR- Block Mode - Lab Activity

    Lecture 69 Performing Actions on the device

    Lecture 70 Live Response

    Lecture 71 Perform Evidence and Entities Investigations

    Lecture 72 User Investigations

    Lecture 73 Advanced Automated Remediation Features - Endpoint

    Lecture 74 Managing File Uploads

    Lecture 75 Automation folder exclusion

    Lecture 76 File Level Investigation

    Lecture 77 Automating Device group remediation

    Lecture 78 Blocking Risky Devices using Intune, Defender and Azure AD

    Lecture 79 Configure Alerts and Detections - Chapter Introduction

    Lecture 80 Configuring Advanced Features

    Lecture 81 Configuring Email Notifications

    Lecture 82 Indicators of Compromise

    Lecture 83 Threat and Vulnerability Management - Chapter Introduction

    Lecture 84 Threat and Vulnerability Management - Explanation

    Lecture 85 Module 2 - Summary

    Section 4: Module 3 - Mitigate threats using Microsoft Defender for Cloud

    Lecture 86 Module 3 - Introduction

    Lecture 87 What is Azure Security Center

    Lecture 88 Microsoft Defender for cloud - Features

    Lecture 89 Azure Defender for Cloud - Lab Activity

    Lecture 90 CSPM and CWP

    Lecture 91 What resources are protected using Microsoft Defender

    Lecture 92 Benefits of Azure Defender for servers

    Lecture 93 Defender for App services

    Lecture 94 Defender for App services - Lab

    Lecture 95 Defender for Storage - Lab

    Lecture 96 Defender for SQL - LAB

    Lecture 97 Defender for Keyvault

    Lecture 98 Defender for DNS

    Lecture 99 Defender for Kubernetes

    Lecture 100 Defender for Container Registry

    Lecture 101 Connect Azure assets to Azure Defender- Chapter introduction

    Lecture 102 Asset Inventory - LAB

    Lecture 103 Auto provisioning

    Lecture 104 Stored Event types

    Lecture 105 Manual Provisioning

    Lecture 106 Connect non-Azure resources to Defender

    Lecture 107 Onboarding Methods

    Lecture 108 Onboard GCP instance to Azure ARC

    Lecture 109 Onboarding AWS Services to Defender for cloud

    Lecture 110 Remediating Security Alerts- Chapter Intro

    Lecture 111 Changing World and Attackers

    Lecture 112 What are Security alerts and notifications

    Lecture 113 How does defender work ?

    Lecture 114 Alert Severity Level

    Lecture 115 Continuous Monitoring and Assessments

    Lecture 116 MITRE ATT&CK Tactics and Alert Types

    Lecture 117 Remediating Alerts

    Lecture 118 Automated Responses

    Lecture 119 Alert Suppression

    Lecture 120 Module 3 - Summary

    Section 5: Module 4 - Create Queries for Microsoft Sentinel using Kusto Query Language

    Lecture 121 Module 4 - Introduction

    Lecture 122 The Construct of KQL Language

    Lecture 123 The Lab Environment

    Lecture 124 Declaring Variables with Let

    Lecture 125 Search and Where Operator

    Lecture 126 Extend Operator

    Lecture 127 Order By Usage

    Lecture 128 Project Operator

    Lecture 129 Summarize, Count and DCount Functions

    Lecture 130 Arg_Max and Arg_Min Functions

    Lecture 131 Make_List and Make_Set Functions

    Lecture 132 Render Operator

    Lecture 133 Bin Function

    Lecture 134 Union Operator

    Lecture 135 Module 4 Summary
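
    The operators listed in Module 4 combined into a single Sentinel query. This is an added example, not course material: it assumes a Sentinel workspace with the Azure AD sign-in connector enabled, and uses the standard SigninLogs / AADNonInteractiveUserSignInLogs column names. The result codes and thresholds are assumptions chosen to illustrate a password-spray shape (one source IP, many distinct accounts).

```kql
// Added example (not course material): the Module 4 operators combined into one
// password-spray query. Assumes a Sentinel workspace with the Azure AD connector
// enabled; the table and column names are the standard Azure AD sign-in schema.
// ResultType 50126 = invalid username/password, 50053 = account locked.
let lookback = 1d;                                        // let: reusable scalar
let failure_codes = dynamic(["50126", "50053"]);          // let: reusable list
union isfuzzy=true SigninLogs, AADNonInteractiveUserSignInLogs   // union: both sign-in tables
| where TimeGenerated > ago(lookback)                     // where: time filter first (cheapest)
| where ResultType in (failure_codes)
| extend Hour = bin(TimeGenerated, 1h)                    // extend + bin: hourly buckets
| summarize Failures = count(),                           // summarize: aggregate per group
            DistinctUsers = dcount(UserPrincipalName),    // dcount: distinct target accounts
            TargetUsers = make_set(UserPrincipalName, 25),// make_set: unique values (capped)
            arg_max(TimeGenerated, UserAgent)             // arg_max: UserAgent of the latest row
    by IPAddress, Hour
| where DistinctUsers >= 5 and Failures >= 20             // spray shape: one source, many accounts
| project Hour, IPAddress, Failures, DistinctUsers, TargetUsers,
          LastSeen = TimeGenerated, UserAgent             // project: keep and rename columns
| order by Failures desc                                  // order by: worst offenders first
// Append "| summarize sum(Failures) by Hour | render timechart" to plot the hourly trend;
// render needs a datetime x-axis and numeric series, so drop the string columns first.
```

    The time filter sits before everything else because Log Analytics prunes by TimeGenerated first; `isfuzzy=true` lets the query run in a workspace where the non-interactive table has not been enabled yet.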

    Section 6: Module 5 - Microsoft Sentinel Environment - Configuration

    Lecture 136 What is a SIEM Solution

    Lecture 137 What is Microsoft Sentinel

    Lecture 138 Microsoft Sentinel - Components

    Lecture 139 Data Connectors

    Lecture 140 Log Retention

    Lecture 141 Workbooks

    Lecture 142 Analytics Alerts

    Lecture 143 Threat Hunting

    Lecture 144 Incidents & Investigations

    Lecture 145 Automation Playbooks

    Lecture 146 Creating Azure Sentinel Workspace

    Lecture 147 Azure Sentinel - RBAC

    Lecture 148 Data Connectors

    Lecture 149 On-Boarding Windows host to Sentinel

    Lecture 150 Ingesting Events to Sentinel

    Lecture 151 Sentinel Watchlist

    Lecture 152 Sentinel - Creating a watchlist for Tor Nodes

    Lecture 153 Sentinel - Create Hunting Query

    Lecture 154 Sentinel - Live Stream

    Lecture 155 Sentinel - Capturing traffic from TOR Exit Nodes

    Lecture 156 Sentinel - Create Analytical Rules

    Lecture 157 Analytical Rule Type - Fusion

    Lecture 158 Analytical Rule Types - Security Types

    Lecture 159 Analytical Rule Types - ML-based Behavioral Analytics

    Lecture 160 Analytical Rule Types - Anomaly, Scheduled Alerts and NRT

    Lecture 161 Creating Analytics Rules based on Template

    Lecture 162 Creating Analytic Rules based on Wizard

    Lecture 163 Managing the Rules

    Lecture 164 Define Threat Intelligence - CTI

    Lecture 165 Create TI - Lab Activity
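
    A hunting query in the style of Lectures 152 and 155: sign-ins matched against a Tor exit-node watchlist. This is an added example, not the course's own query. It assumes the watchlist alias is `TorExitNodes` and that its IP column is named `IpAddress`; both are chosen when the watchlist is created, so adjust them to your own.

```kql
// Added example (not course material): match Azure AD sign-ins against the Tor
// exit-node watchlist. Assumed watchlist alias "TorExitNodes" with an "IpAddress"
// column; _GetWatchlist() returns the watchlist CSV as a table.
let tor_nodes = _GetWatchlist('TorExitNodes')
    | project TorIp = tostring(IpAddress);
SigninLogs
| where TimeGenerated > ago(7d)
| join kind=inner tor_nodes on $left.IPAddress == $right.TorIp   // keep only watchlisted IPs
| extend Outcome = iff(ResultType == "0", "Success", "Failure") // ResultType "0" = success
| summarize Attempts = count(),
            Successes = countif(Outcome == "Success"),
            Apps = make_set(AppDisplayName, 10),
            FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated)
    by UserPrincipalName, IPAddress
| where Successes > 0       // a successful sign-in from Tor is the case worth an incident
| order by LastSeen desc
```

    Failed attempts from Tor are noise for most tenants; the `Successes > 0` filter is what turns this from a dashboard query into something a scheduled analytics rule can raise as an incident without flooding the queue.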

    Section 7: Module 6 - Microsoft Sentinel Environment - Connecting Logs

    Lecture 166 Module 6 Introduction

    Lecture 167 Connect M365 Defender to Sentinel

    Lecture 168 Office 365 Log Connector

    Lecture 169 Azure Activity Log Connector

    Lecture 170 Azure Active Directory Identity Protection Connector

    Lecture 171 Defender for Office 365 Connector

    Lecture 172 Defender for Endpoint Connector

    Lecture 173 Connect Threat Indicators to Microsoft Sentinel

    Section 8: Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA and Monitoring

    Lecture 174 Module 7 Introduction

    Lecture 175 Key Concepts of Incident Management

    Lecture 176 Investigations in Azure Sentinel

    Lecture 177 Key Concepts of Incident Management - II

    Lecture 178 Incident Management in Microsoft Sentinel - I

    Lecture 179 Incident Management in Microsoft Sentinel - II

    Lecture 180 Brute Force attack against Azure Portal - Simulation

    Lecture 181 Threat Response with Microsoft Sentinel Playbooks - Introduction / Use Case

    Lecture 182 Step 1 - Creating Analytical Rule to look for Role membership changes

    Lecture 183 Step 2 - Integrate Log Analytics with Azure AD Audit Logs

    Lecture 184 Step 3 - Verify Log Analytics

    Lecture 185 Step 4 - Incident Creation in Sentinel

    Lecture 186 Step 5 - Create Logic App to Integrate with Microsoft Teams

    Lecture 187 Step 6 - Edit Analytical Rule to add Logic App - Playbooks

    Lecture 188 Finally !! Testing the Integration

    Lecture 189 UEBA - User Entity Behavior Analytics - Introduction

    Lecture 190 Entity Behaviour Lab -I

    Lecture 191 Entity Behaviour Lab -II

    Lecture 192 Workbooks - Introduction

    Lecture 193 Create Workbooks Using Template

    Lecture 194 Create Workbook from scratch
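
    The query behind Step 1 of the playbook procedure (Lectures 182 to 188): a scheduled analytics rule over the Azure AD audit logs ingested in Step 2 that fires when an account is added to a privileged directory role. This is an added example, not the course's own rule. It assumes the standard AuditLogs schema; the role list and the 1-hour lookback are assumptions to be matched to the rule's schedule.

```kql
// Added example (not course material): scheduled analytics rule query for Step 1.
// Assumes AuditLogs from the Azure AD connector. "Add member to role" and
// "Add eligible member to role" are the Azure AD operation names for permanent
// and PIM-eligible assignments; Role.DisplayName arrives JSON-quoted in newValue.
AuditLogs
| where TimeGenerated > ago(1h)                   // match the rule's 1-hour lookback
| where Category == "RoleManagement"
| where OperationName in ("Add member to role", "Add eligible member to role")
| where Result == "success"
| extend Actor = tostring(InitiatedBy.user.userPrincipalName),
         ActorIp = tostring(InitiatedBy.user.ipAddress)
| mv-expand TargetResources                       // one row per target of the operation
| extend TargetUser = tostring(TargetResources.userPrincipalName)
| where isnotempty(TargetUser)                    // drop the role-object target row
| mv-expand Change = TargetResources.modifiedProperties
| where tostring(Change.displayName) == "Role.DisplayName"
| extend RoleName = trim('"', tostring(Change.newValue))
| where RoleName in ("Global Administrator", "Privileged Role Administrator",
                     "Security Administrator", "Exchange Administrator")   // assumed watch list
| project TimeGenerated, Actor, ActorIp, TargetUser, RoleName, OperationName
// In the rule wizard map Actor and TargetUser to Account entities and ActorIp to
// an IP entity; the Logic App from Step 5 then receives them on the incident trigger.
```

    The `Result == "success"` filter matters: denied attempts also land in AuditLogs, and alerting on them from this rule would mask the one case that actually changed tenant privilege.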

    Section 9: Module 8 Perform Threat Hunting with Microsoft Sentinel

    Lecture 195 Module 8 Introduction

    Lecture 196 Cyber Security Threat Hunting

    Lecture 197 The Need for Proactive Hunting

    Lecture 198 Develop a Threat Hunting Hypothesis

    Lecture 199 Threat Hunting - Recap

    Lecture 200 Notebooks - Introduction

    Lecture 201 Sentinel Notebooks - Lab Activity

    Section 10: SC 200 - Microsoft Security Operations Analyst - Course Summary

    Lecture 202 SC 200 - Microsoft Security Operations Analyst - Course Summary

    Who this course is for: participants aspiring to the SC-200 certification; everyone who aspires to work in a modern SOC environment; anyone who wants to learn the M365 Defender suite of services.