Cloudtidings.com

I have been working on Azure Sentinel projects for the past 12 months and writing IP which uses Azure Sentinel, a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution.

Recently, while working on a Sentinel project for a major enterprise I became aware of a training that Ofer Shezaf from Microsoft has shared and I highly recommend for those who would like to learn and become an expert on Azure Sentinel to check out the the material and curriculum.

The training program includes 16 modules and includes presentations, relevant product documentation, blog posts, and other resources and if you are already familiar with Sentinel, check out the module 9, my preferred one.

Overview

– Module 1: Technical overview

– Module 2: Azure Sentinel role

Designing  Your Deployment

– Module 3: Cloud architecture and multi-workspace/tenant support

– Module 4: Collecting events

– Module 5: Log Management

– Module 6: Integrating threat intelligence

Creating Content

– Module 7: Kusto Query Language (KQL) – the starting point

– Module 8: Writing rules to implement detection

– Module 9: Creating playbooks to implement SOAR

– Module 10: Creating workbooks to implement dashboards and apps

– Module 11: Implementing use cases

Security Operations

– Module 12: A day in a SOC analyst’s life, incident management, and investigation

– Module 13: Hunting

Advanced Topics

– Module 14: Automating and integrating 

– Module 15: Roadmap – since it requires an NDA, contact your Microsoft contact for details.

– Module 16: Where to go next?

You can find the training material here

Image sources: Source image: https://docs.microsoft.com/en-us/azure/sentinel/overview