Sc-200 Microsoft Security Operations Analyst by Christopher Nett

Free download скачать Sc-200 Microsoft Security Operations Analyst by Christopher Nett
Published 12/2023
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.14 GB | Duration: 8h 13m
Elevate your SOC career and get certified now! Learn through practical labs aligned with the official study guide

What you'll learn
Pass the SC-200 Exam
Mitigate threats by using Defender for Cloud (15-20%)
Mitigate threats by using Microsoft Sentinel (50-55%)
Mitigate threats by using Defender XDR (25-30%)
Requirements
Basic IT Knowledge
No Azure or Cyber Security experience necessary
Willingness to learn cool stuff!
Description
In the role of a Microsoft Security Operations Analyst, you play a pivotal role in minimizing organizational risk through the following key responsibilities:Swiftly addressing active attacks within the environment.Providing recommendations for enhancing threat protection practices.Reporting violations of organizational policies to the relevant stakeholders.Your tasks encompass:TriageIncident responseVulnerability managementThreat huntingCyber threat intelligence analysisAs a Microsoft Security Operations Analyst, your focus is on monitoring, identifying, investigating, and responding to threats across multicloud environments. This involves utilizing tools such as Microsoft Sentinel, Microsoft Defender for Cloud, Defender XDR, and third-party security solutions.Collaboration is a crucial aspect of this role, as you work closely with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to fortify the security of IT systems within the organization.Candidates for this position should possess familiarity with:Microsoft 365Azure cloud servicesWindows and Linux operating systemsSkills Overview:Mitigate threats using Microsoft Defender XDR (25-30%)Mitigate threats using Defender for Cloud (15-20%)Mitigate threats using Microsoft Sentinel (50-55%)Mitigate threats within the Microsoft 365 environment by leveraging Microsoft Defender XDR (25-30%). This involves investigating, responding to, and remediating threats across Microsoft Teams, SharePoint Online, and OneDrive. Additionally, address email threats through the utilization of Microsoft Defender for Office 365, respond to alerts generated by data loss prevention (DLP) policies, and handle alerts related to insider risk policies.Manage and discover apps using Microsoft Defender for Cloud Apps, identifying, investigating, and remediating security risks in this area. Ensure endpoint security by utilizing Microsoft Defender for Endpoint, covering tasks such as managing data retention, alert notification, and advanced features, recommending attack surface reduction (ASR) for devices, responding to incidents and alerts, configuring and managing device groups, identifying devices at risk through Defender Vulnerability Management, and managing endpoint threat indicators.Mitigate identity threats by addressing security risks related to Microsoft Entra ID events, Microsoft Entra Identity Protection events, and Active Directory Domain Services (AD DS) using Microsoft Defender for Identity.Handle extended detection and response (XDR) in Microsoft Defender XDR, managing incidents and automated investigations in the portal, overseeing actions and submissions, identifying threats with Kusto Query Language (KQL), remediating security risks with Microsoft Secure Score, analyzing threat analytics, and configuring custom detections and alerts.Additionally, mitigate threats with Defender for Cloud (15-20%). This involves implementing and maintaining cloud security posture management, assigning and managing regulatory compliance policies, improving the Microsoft Defender for Cloud secure score, configuring plans and agents for Defender for Servers and DevOps, managing External Attack Surface Management (EASM), configuring environment settings, and responding to alerts and incidents.Lastly, address threats using Microsoft Sentinel (50-55%). Design and configure a Microsoft Sentinel workspace, plan roles, configure data storage, and implement data connectors for ingestion. Manage analytics rules, develop ASIM parsers, configure security orchestration automated response (SOAR), and manage incidents. Utilize workbooks to analyze and interpret data, hunt for threats with custom queries, and monitor using Livestream. Manage threats with User and Entity Behavior Analytics by configuring settings, investigating threats through entity pages, and setting up anomaly detection analytics rules.
Overview
Section 1: Introduction
Lecture 1 Welcome & About your Instructor
Lecture 2 Course Content & SC-200 Exam
Lecture 3 FAQs
Lecture 4 IMPORTANT - Defender M365 is now Defender XDR
Section 2: SOC Basics
Lecture 5 Complexity and Cyber Security Challenges
Lecture 6 What is a SOC?
Lecture 7 SOC Tier Model
Lecture 8 Cyber Security Incident Reponse Process
Lecture 9 EDR, XDR, SIEM & SOAR
Section 3: Azure Basics
Lecture 10 Cloud Types
Lecture 11 Shared Responsibility Model
Lecture 12 Azure Resource Hierarchy
Section 4: Microsoft Security Basics
Lecture 13 The Microsoft Security Cosmos
Lecture 14 Defending Across Attack Chains
Section 5: Setup Lab Environment
Lecture 15 Demo: Install VirtualBox
Lecture 16 Demo: Configure Kali Keyboard Layout
Lecture 17 Install Tor Browser on Kali
Lecture 18 Deployment Prerequisites for Sentinel
Lecture 19 Demo: Create an Azure Resource Group for Sentinel
Lecture 20 Demo: Create a Log Analytics Workspace
Lecture 21 Demo: Create a Sentinel Workspace
Lecture 22 Demo: Create an Azure Resource Group for Defender for Cloud
Lecture 23 Demo: Enable All Plans in Defender for Cloud
Lecture 24 Demo: Create Virtual Machines
Lecture 25 Demo: Create a Storage Account
Lecture 26 Demo: Create a SQL Database
Lecture 27 Demo: Create an AKS Cluster
Lecture 28 Demo: Create an Azure Key Vault
Section 6: Defender for Cloud - Implement and maintain cloud security posture management
Lecture 29 What is Microsoft Defender for Cloud
Lecture 30 CSPM & CWP
Lecture 31 What is CSPM?
Lecture 32 CSPM Plans
Lecture 33 Asset Inventory
Lecture 34 Demo: Asset Inventory
Lecture 35 Security Recommendations
Lecture 36 Demo: Security Recommendations
Lecture 37 Secure Score
Lecture 38 Demo: Secure Score
Lecture 39 Remediation
Lecture 40 Demo: Remediation
Lecture 41 DevOps Security
Lecture 42 What is Defender for Servers?
Lecture 43 Agents
Lecture 44 Threat Detection for OS Level
Lecture 45 Alerts for Windows Machines
Lecture 46 Alerts for Linux Machines
Lecture 47 Demo: Brute Force SSH
Section 7: Defender for Cloud - Configure environment settings in Defender for Cloud
Lecture 48 Defender for Cloud RBAC
Lecture 49 What is CWP?
Lecture 50 Defender for Databases
Lecture 51 Defender for Storage
Lecture 52 Demo: Defender for Storage
Lecture 53 Defender for Containers
Lecture 54 Demo: Defender for Containers
Lecture 55 Defender for Key Vault
Lecture 56 Demo: Defender for Key Vault
Lecture 57 Defender for Resource Manager
Lecture 58 Demo: Defender for Resource Manager
Lecture 59 Azure Arc
Section 8: Defender for Cloud - Respond to alerts and incidents in Defender for Cloud
Lecture 60 Demo: Manage Alerts and Incidents
Lecture 61 Email Notifications
Lecture 62 Demo: Create Suppression Rules
Lecture 63 Workflow Automation
Lecture 64 Demo: Malware Scanning Response with Workflow Automation & Azure Logic Apps
Lecture 65 Demo: Generate Sample Alerts
Section 9: Sentinel - Design and configure a Microsoft Sentinel workspace
Lecture 66 Azure RBAC & Sentinel
Lecture 67 Demo: Azure RBAC & Sentinel
Section 10: Sentinel - Plan and implement the use of data connectors for ingestion
Lecture 68 Overview
Lecture 69 Typical data sources for a SIEM
Lecture 70 Demo: Content Hub
Lecture 71 Demo: Ingesting Threat Intelligence into Sentinel
Lecture 72 Demo: Verify Threat Intelligence Log Ingestion
Lecture 73 Demo: Ingesting Entra ID into Sentinel
Lecture 74 Demo: Deploy Sentinel Training Lab
Lecture 75 AMA and DCR
Lecture 76 Demo: Ingesting Windows Security Event Logs with AMA and DCR
Section 11: Sentinel - Manage Microsoft Sentinel analytics rules
Lecture 77 Sentinel Workflow
Lecture 78 Analytic rules
Lecture 79 Demo: Analytic Rules
Lecture 80 Scheduled Analytic Rules
Lecture 81 Demo: Scheduled Analytic Rules - Entra ID
Lecture 82 Demo: Scheduled Analytic Rules - Windows Security Events
Lecture 83 Near-Real-Time-Rules (NRT)
Lecture 84 Demo: Near-Real-Time-Rules (NRT)
Lecture 85 Fusion
Lecture 86 Demo: Fusion
Lecture 87 ML Behavior Analytics
Lecture 88 Demo: ML Behavior Analytics
Lecture 89 Threat Intelligence Rules
Lecture 90 Demo: Threat Intelligence Rules
Lecture 91 Microsoft Security Rules
Lecture 92 Demo: Microsoft Security Rules
Section 12: Sentinel - Configure security orchestration automated response (SOAR)
Lecture 93 Automation Capabilities in Sentinel
Lecture 94 Automation rules
Lecture 95 Demo: Automation rules
Lecture 96 Playbooks
Lecture 97 Automation rules vs. Playbooks
Lecture 98 Azure Logic Apps
Lecture 99 Demo: Playbooks & Azure Logic Apps
Lecture 100 Demo: Playbook with MITRE ATT&CK & ChatGPT
Lecture 101 Sentinel REST API
Section 13: Sentinel - Manage Microsoft Sentinel incidents
Lecture 102 Demo: Incident Dashboard
Section 14: Sentinel - Use Microsoft Sentinel workbooks to analyze and interpret data
Lecture 103 Workbooks in Sentinel
Lecture 104 Demo: Create Workbooks
Section 15: Sentinel - Hunt for threats by using Microsoft Sentinel
Lecture 105 Overview on MITRE ATT&CK
Lecture 106 Demo: MITRE ATT&CK
Lecture 107 Demo: ATT&CK in Sentinel
Lecture 108 What is Threat Hunting?
Lecture 109 KQL 101
Lecture 110 Demo: KQL 101
Lecture 111 Demo: Threat Hunting in Sentinel
Lecture 112 Demo: Hunt for Entra ID Events
Lecture 113 Notebooks
Lecture 114 Demo: Notebooks with MSTICPy
Section 16: Sentinel - Manage threats by using entity behavior analytics
Lecture 115 UEBA in Sentinel
Lecture 116 Demo: UEBA in Sentinel
Section 17: Defender XDR - Manage extended detection and response (XDR) in Defender XDR
Lecture 117 What is XDR?
Lecture 118 Demo: Manage Incidents and Alerts
Lecture 119 Demo: Secure Score
Section 18: Defender XDR - Mitigate threats to the Microsoft 365 environment
Lecture 120 What is Defender for Office 365?
Lecture 121 Defender for Office 365 - Edge Protection
Lecture 122 Defender for Office 365 - Sender Intelligence
Lecture 123 Defender for Office 365 - Content Filtering
Lecture 124 Defender for Office 365 - Post Delivery Protection
Lecture 125 Demo: Preset Security Policies
Lecture 126 Demo: Anti-Phishing Policy
Lecture 127 Demo: Anti-Spam Policy
Lecture 128 Demo: Anti-Malware Policy
Lecture 129 Demo: Safe Attachments
Lecture 130 Demo: Safe Links
Lecture 131 Demo: Tenant Allow/Block Lists
Lecture 132 What is Defender for Cloud Apps?
Lecture 133 Demo: Cloud App Catalog
Lecture 134 Demo: Cloud App Policies
Lecture 135 What is Microsoft Purview?
Lecture 136 Demo: Data Loss Prevention Policies
Lecture 137 Demo: Insider Risk Policies
Section 19: Defender XDR - Mitigate endpoint threats by using Defender for Endpoint
Lecture 138 What is Defender for Endpoint?
Lecture 139 Demo: Management and Administration
Lecture 140 Demo: Vulnerability Management
Section 20: Defender XDR - Mitigate identity threats
Lecture 141 Identities are the new security perimeter!
Lecture 142 NTLM
Lecture 143 Pass-the-Hash Attacks
Lecture 144 Kerberos
Lecture 145 Pass-The-Ticket Attacks
Lecture 146 Brute Force Attacks
Lecture 147 Remote Code Execution Attacks
Lecture 148 What is Defender for Identity?
SOC Analyst,Security Engineer,Security Consultant,Security Architect,Security Manager,Cloud Engineer,Cloud Architect,IT Manager

Homepage

Код:

https://www.udemy.com/course/sc-200-microsoft-security-operations-analyst-r/

Buy Premium From My Links To Get Resumable Support,Max Speed & Support Me

No Password - Links are Interchangeable

www.prizrak.ws

Меню навигации

Пользовательские ссылки

Информация о пользователе

Sc-200 Microsoft Security Operations Analyst by Christopher Nett

Сообщений 1 страница 1 из 1

Поделиться12023-12-27 21:14:39

Похожие темы