Description
Price: 10.00 USD | Size: 8.06 GB | Duration: 11.38 Hours | 153 Video Lessons
BRAND: Expert TRAINING | ENGLISH | INSTANT DOWNLOAD



SC-200 Microsoft Security Operations Analyst Course
Microsoft Security Operations Analyst Training: Mastering SC-200
Chapter 1 Introduction
001. The Need for SOC Team
002. SC-200 – Microsoft Security Operations Analyst – Course Introduction
003. SC-200 – Microsoft Security Operations Analyst – Recent Update
Chapter 10 SC 200 – Microsoft Security Operations Analyst – Course Summary
001. Microsoft Security Operations Analyst – Course Summary
Chapter 2 Module 1 – Mitigate Threats Using Microsoft 365 Defender
001. Module 1 – Learning Objectives
002. Introduction to Threat Protection
003. Microsoft 365 Defender Suite
004. Typical Timeline of an Attack
005. Microsoft 365 Defender – Interactive Demonstration
006. Mitigate Incidents Using Microsoft 365 Defender – Chapter Introduction
007. How to Create Your Playground – Lab Environment
008. Microsoft 365 Defender Portal – Introduction
009. Managing Incidents
010. More about Incidents
011. Simulate Incidents – Tor Browser
012. Managing Incidents
013. Managing Alerts
014. Investigating Incidents – MITRE ATT&CK
015. Advanced Hunting
016. Advanced Hunting Schema
017. Exploring the Kusto Queries
018. Microsoft Threat Experts
019. Microsoft Defender for Office 365 – Chapter Introduction
020. Microsoft Defender for Office 365 – Key Capabilities
021. Microsoft Defender for Office 365 – Key Capabilities – II
022. Safeguard Your Organization- M365 Defender for O365 – Lab I
023. Safeguard Your Organization- M365 Defender for O365 – Lab II
024. Attack Simulation – Lab Activity
025. Microsoft Defender for Identity – Introduction
026. What Is Microsoft Defender for Identity
027. Microsoft Defender for Identity – Key Capabilities
028. Installing Sensors on Domain Controller – 1
029. Installing Sensors on Domain Controller – 2
030. Capturing Lateral Movements
031. Threat Hunting Lab
032. Microsoft Defender for Identity Sensors – Architecture
033. Protect Your Identities with Azure AD Identity Protection – Introduction
034. User Risks and Sign-In Risks
035. User Risk Policy and Sign-In Risk Policy – Lab Activity
036. Cloud App Security – Introduction
037. The Cloud App Security Framework
038. Conditional Access App Controls
039. What Is Information Protection
040. Insider Risk Management – Enable Auditing
041. Phases of Cloud App security
042. Cloud App security Phases – Lab Activity
043. Data Loss Prevention – Chapter Introduction
044. DLP Alerts
045. Create Policies for DLP in Compliance Portal
046. Insider Risk Management
047. What Is Insider Risk
048. Pain Points of a Modern Workplace
049. Insider Risk management with M365 Defender
050. Insider Risk Management – Permissions
051. Module 1 – Summary
Chapter 3 Module 2 – Mitigate Threats Using Microsoft Defender for Endpoint
001. Module 2 – Introduction
002. Defender for Endpoint – Features
003. Defender for Endpoint – Terminology
004. Onboarding Devices to Defender
005. Windows 10 Security Enhancements – Chapter Introduction
006. Attack Surface Reduction Rules
007. Attack Surface Rules
008. Device Inventory
009. Device Investigation – Alerts
010. Behavioral Blocking
011. Client Behavioral Blocking
012. EDR – Block Mode
013. EDR – Block Mode – Lab Activity
014. Performing Actions on the Device
015. Live Response
016. Perform Evidence and Entities Investigations
017. User Investigations
018. Advanced Automated Remediation Features – Endpoint
019. Managing File Uploads
020. Automation Folder Exclusion
021. File Level Investigation
022. Automating Device Group Remediation
023. Blocking Risky Devices Using Intune, Defender, and Azure AD
024. Configure Alerts and Detections – Chapter Introduction
025. Configuring Advanced Features
026. Configuring Email Notifications
027. Indicators of Compromise
028. Threat and Vulnerability Management – Chapter Introduction
029. Threat and Vulnerability Management – Explanation
030. Module 2 – Summary
Chapter 4 Module 3 – Mitigate Threats Using Microsoft Defender for Cloud
001. Module 3 – Introduction
002. What Is Azure Security Center
003. Microsoft Defender for Cloud – Features
004. Azure Defender for Cloud – Lab Activity
005. CSPM and CWP
006. Which Resources Are Protected Using Microsoft Defender
007. Benefits of Azure Defender for Servers
008. Defender for App Services
009. Defender for App Services – Lab
010. Defender for Storage – Lab
011. Defender for SQL – Lab
012. Defender for Keyvault
013. Defender for DNS
014. Defender for Kubernetes
015. Defender for Container Registry
016. Connect Azure Assets to Azure Defender- Chapter Introduction
017. Asset Inventory – Lab
018. Auto-Provisioning
019. Stored Event Types
020. Manual Provisioning
021. Connect Non-Azure Resources to Defender
022. Onboarding Methods
023. Onboard GCP Instance to Azure ARC
024. Onboarding AWS Services to Defender Cloud
025. Remediating Security Alerts- Chapter Introduction
026. Changing World and Attackers
027. What Are Security Alerts and Notifications
028. How Does a Defender Work
029. Alert Severity Level
030. Continuous Monitoring and Assessments
031. MITRE ATT&CK Tactics and Alert Types
032. Remediating Alerts
033. Automated Responses
034. Alert Suppression
035. Module 3 – Summary
Chapter 5 Module 4 – Create Queries for Microsoft Sentinel Using Kusto Query Language
001. Module 4 – Introduction
002. The Construct of KQL Language
003. The Lab Environment
004. Declaring Variables with Let
005. Search and Where Operator
006. Extend Operator
007. Order by Usage
008. Project Operator
009. Summarize, Count, and DCount Functions
010. Arg Max and Arg Min Functions
011. Make List and Make Set Functions
012. Render Operator
013. Bin Function
014. Union Operator
015. Module 4 Summary
Chapter 6 Module 5 – Microsoft Sentinel Environment – Configuration
001. What Is a SIEM Solution
002. What Is Microsoft Sentinel
003. Microsoft Sentinel – Components
004. Data Connectors
005. Log Retention
006. Workbooks
007. Analytics Alerts
008. Threat Hunting
009. Incidents and Investigations
010. Automation Playbooks
011. Creating Azure Sentinel Workspace
012. Azure Sentinel – RBAC
013. Data Connectors
014. Onboarding Windows host to Sentinel
015. Ingesting Events to Sentinel
016. Sentinel Watchlist
017. Sentinel – Creating a Watchlist for Tor Nodes
018. Sentinel – Create Hunting Query
019. Sentinel – Live Stream
020. Sentinel – Capturing Traffic from TOR Exit Nodes
021. Sentinel – Create Analytical Rules
022. Analytical Rule Type – Fusion
023. Analytical Rule Types – Security Types
024. Analytical Rule Types – ML-Based Behavioral Analytics
025. Analytical Rule Types – Anomaly, Scheduled Alerts, and NRT
026. Creating Analytics Rules Based on Template
027. Creating Analytic Rules Based on Wizard
028. Managing the Rules
029. Define Threat Intelligence – CTI
030. Create TI – Lab Activity
Chapter 7 Module 6 – Microsoft Sentinel Environment – Connecting Logs
001. Module 6 Introduction
002. Connect M365 Defender to Sentinel
003. Office 365 Log Connector
004. Azure Activity Log Connector
005. Azure Active Directory Identity Protection Connector
006. Defender for Office 365 Connector
007. Defender for Endpoint Connector
008. Connect Threat Indicators to Microsoft Sentinel
Chapter 8 Module 7 – Microsoft Sentinel Environment – Incidents, Threat Response, UEBA, and Monitoring
001. Module 7 Introduction
002. Key Concepts of Incident Management – I
003. Investigations in Azure Sentinel
004. Key Concepts of Incident Management – II
005. Incident Management in Microsoft Sentinel – I
006. Incident Management in Microsoft Sentinel – II
007. Brute Force Attack against Azure Portal – Simulation
008. Threat Response with Microsoft Sentinel Playbooks – Introduc
009. Step 1 – Creating Analytical Rule to Look for Role Membershi
010. Step 2 – Integrate Log Analytics with Azure AD Audit Logs
011. Step 3 – Verify Log Analytics
012. Step 4 – Incident Creation in Sentinel
013. Step 5 – Create Logic App to Integrate with Microsoft Teams
014. Step 6 – Edit Analytical Rule to Add Logic App – Playbooks
015. Testing the Integration
016. UEBA – User Entity Behavior Analytics – Introduction
017. Entity Behavior Lab -I
018. Entity Behavior Lab -II
019. Workbooks – Introduction
020. Create Workbooks Using Template
021. Create Workbook from scratch
Chapter 9 Module 8 – Perform Threat Hunting with Microsoft Sentinel
001. Module 8 Introduction
002. Cyber Security Threat Hunting
003. The Need for Proactive Hunting
004. Develop a Threat Hunting Hypothesis
005. Threat Hunting – Recap
006. Notebooks – Introduction
007. Sentinel Notebooks – Lab Activity