SOC Analyst Course - SOC

Beschreibung

The course is dedicated for people who want to learn about Microsoft's cloud environment monitoring tools and framework. At the beginning, we will introduce you to the management of Azure Active Directory, service auditing and logs, roles related to monitoring threats in the cloud, or the implementation of PIM and PAM services.
In the next module we will walk through cloud security configuration best practices with secure score, Azure Defender for servers or security standards recommendations.
During the course you will be able to configure an environment with EDR enabled, where we will try to attack endpoints and user identity and see how EDR behaves. Then we will go through security operations best practices and make hunting queries.
The implemented EDR solution and other components of the security stack will be linked within the Microsoft SIEM, which will allow monitoring and implementation of responses to threats.

error_outline Wichtige Information

Dieses Seminar wird in ENGLISCH gehalten!

expand_more chevron_right Zielgruppe

Ideal candidate for this course:
SOC analysts, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.
 

    expand_more chevron_right Vorkenntnisse

    To attend this training, you should have a good hands-on experience in administering Windows infrastructure and basic around public cloud concept (Office 365, Azure).

    expand_more chevron_right Detail-Inhalte

    Module 1: Monitoring operations in Azure AD
    • Azure Active Directory Operations and Logs
    • Azure AD Roles
    • Identity Protection – Roles, Review access, alerts, Discovery and Insights
    • How to deal with Audit Log
    • Challenging Azure AD settings in Azure and Office from red team perspective
    • Privileged Identity Management – JITA, Discover and Monitor
    • Office Management API – Logs around Office 365
    • Microsoft Azure Policies – getting started, compliance, remediation, assignments, blueprints
    • Labs

    Module 2: Microsoft 365 security
    • Secure Score and Security Center
    • Best Practices for Improving Your Secure Score
    • Azure Defender for Servers
    • Security Benchmark Policy
    • Labs
    • STIG & CIS – cloud security baseline

    Module 3: Microsoft 365 Defender for Endpoint – EDR
    • Intro 101 (configuration, device inventory, concept, Report, alerts) and EDR deployment
    • Security Operations best practices with Microsoft EDR
    • How to manage Incidents
    • Kusto language 101 – basic and advanced queries
    • Advanced Hunting
    • Partner & APIs
    • Hacker ways to hide malware and bypass EDR
    • Attacks examples and remediation labs
    • EDR Integration with Microsoft Defender for Identity
    • EDR Integration with Microsoft Defender for Office 365

    Module 4: Extended Detection and Response with Sentinel
    • Sentinel 101 - Azure Sentinel Dashboards, Connectors
    • Understanding Normalization in Azure Sentinel
    • Cloud & on-prem architecture
    • Workbooks deep dive - Visualize your security threats and hunts
    • Incidents
    • KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL queries performance
    • Auditing and monitoring your Azure Sentinel workspace
    • Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
    • Fusion ML Detections with Scheduled Analytics Rules
    • Streamlining your SOC Workflow with Automated Notebooks
    • Customizing Azure Sentinel with Python
    • Best Practices for Converting Detection Rules from Splunk, QRadar, and ArcSight to Azure Sentinel Rules
    • Deep Dive into Azure Sentinel Innovations
    • Investigating Azure Security Center alerts using Azure Sentinel
    • Customizable Anomalies and How to Use Them
    • Introduction to Monitoring SAP with Azure Sentinel for Security Professionals
    • Hunting in Sentinel
    • Deep Dive on Threat Intelligence
    • End-to-End SOC scenario with Sentinel

    Module 5: Microsoft Cloud App Security
    • Intro do MCAS
    • Enabling Secure Remote Work
    • App Discovery and Log Collector Configuration
    • Extending real-time monitoring & controls to any app
    • Connecting 3rd party Applications
    • Automation and integration with Microsoft Flow
    • Conditional Access App Control
    • Threat detection
    • Information Protection
    • Labs: Protect Your Environment Using MCAS
    • DLP in Microsoft stack – how to deploy and monitor using MCAS and Sentinel
    • expand_more chevron_right event_available 29.08.-02.09.2022 29.08.2022 Seminarzeitentimer5 Tage roomVirtual-Training (VILT)
      • expand_more chevron_right Virtual Classroom 3.500,00
        • Live Online Training im virtuellen Klassenraum
        • Live Vortrag inkl. Interaktion mit dem/der Trainer*in
        • Seminarunterlagen, Teamwork, Labs
        • Keine hohen Hardware Anforderungen, dennoch Zugriff auf die gewohnte professionelle Übungsumgebung
        • keine Anfahrt ins Seminarzentrum notwendig
    • expand_more chevron_right event_available 10.10.-14.10.2022 10.10.2022 verified_user Termingarantie Seminarzeitentimer5 Tage roomVirtual-Training (VILT)
      • expand_more chevron_right Virtual Classroom 3.500,00
        • Live Online Training im virtuellen Klassenraum
        • Live Vortrag inkl. Interaktion mit dem/der Trainer*in
        • Seminarunterlagen, Teamwork, Labs
        • Keine hohen Hardware Anforderungen, dennoch Zugriff auf die gewohnte professionelle Übungsumgebung
        • keine Anfahrt ins Seminarzentrum notwendig