SC-200 Microsoft Security Operations Analyst by Christopher Nett
Published 12/2023
MP4 | Video: h264, 1920x1080 | Audio: AAC, 44.1 KHz
Language: English | Size: 2.14 GB | Duration: 8h 13m

Elevate your SOC career and get certified now! Learn through practical labs aligned with the official study guide.

What you'll learn
- Pass the SC-200 Exam
- Mitigate threats by using Defender for Cloud (15–20%)
- Mitigate threats by using Microsoft Sentinel (50–55%)
- Mitigate threats by using Defender XDR (25–30%)

Requirements
- Basic IT Knowledge
- No Azure or Cyber Security experience necessary
- Willingness to learn cool stuff!

Description

In the role of a Microsoft Security Operations Analyst, you play a pivotal role in minimizing organizational risk through the following key responsibilities:
- Swiftly addressing active attacks within the environment.
- Providing recommendations for enhancing threat protection practices.
- Reporting violations of organizational policies to the relevant stakeholders.

Your tasks encompass:
- Triage
- Incident response
- Vulnerability management
- Threat hunting
- Cyber threat intelligence analysis

As a Microsoft Security Operations Analyst, your focus is on monitoring, identifying, investigating, and responding to threats across multicloud environments. This involves utilizing tools such as Microsoft Sentinel, Microsoft Defender for Cloud, Defender XDR, and third-party security solutions.

Collaboration is a crucial aspect of this role, as you work closely with business stakeholders, architects, identity administrators, Azure administrators, and endpoint administrators to fortify the security of IT systems within the organization.

Candidates for this position should possess familiarity with:
- Microsoft 365
- Azure cloud services
- Windows and Linux operating systems

Skills Overview:
- Mitigate threats using Microsoft Defender XDR (25–30%)
- Mitigate threats using Defender for Cloud (15–20%)
- Mitigate threats using Microsoft Sentinel (50–55%)

Mitigate threats within the Microsoft 365 environment by leveraging Microsoft Defender XDR (25–30%).
This involves investigating, responding to, and remediating threats across Microsoft Teams, SharePoint Online, and OneDrive. Additionally, address email threats through the utilization of Microsoft Defender for Office 365, respond to alerts generated by data loss prevention (DLP) policies, and handle alerts related to insider risk policies.

Manage and discover apps using Microsoft Defender for Cloud Apps, identifying, investigating, and remediating security risks in this area. Ensure endpoint security by utilizing Microsoft Defender for Endpoint, covering tasks such as managing data retention, alert notification, and advanced features, recommending attack surface reduction (ASR) for devices, responding to incidents and alerts, configuring and managing device groups, identifying devices at risk through Defender Vulnerability Management, and managing endpoint threat indicators.

Mitigate identity threats by addressing security risks related to Microsoft Entra ID events, Microsoft Entra Identity Protection events, and Active Directory Domain Services (AD DS) using Microsoft Defender for Identity.

Handle extended detection and response (XDR) in Microsoft Defender XDR, managing incidents and automated investigations in the portal, overseeing actions and submissions, identifying threats with Kusto Query Language (KQL), remediating security risks with Microsoft Secure Score, analyzing threat analytics, and configuring custom detections and alerts.

Additionally, mitigate threats with Defender for Cloud (15–20%). This involves implementing and maintaining cloud security posture management, assigning and managing regulatory compliance policies, improving the Microsoft Defender for Cloud secure score, configuring plans and agents for Defender for Servers and DevOps, managing External Attack Surface Management (EASM), configuring environment settings, and responding to alerts and incidents.

Lastly, address threats using Microsoft Sentinel (50–55%).
Design and configure a Microsoft Sentinel workspace, plan roles, configure data storage, and implement data connectors for ingestion. Manage analytics rules, develop ASIM parsers, configure security orchestration automated response (SOAR), and manage incidents. Utilize workbooks to analyze and interpret data, hunt for threats with custom queries, and monitor using Livestream. Manage threats with User and Entity Behavior Analytics by configuring settings, investigating threats through entity pages, and setting up anomaly detection analytics rules.

Overview

Section 1: Introduction
Lecture 1 Welcome & About your Instructor
Lecture 2 Course Content & SC-200 Exam
Lecture 3 FAQs
Lecture 4 IMPORTANT - Defender M365 is now Defender XDR

Section 2: SOC Basics
Lecture 5 Complexity and Cyber Security Challenges
Lecture 6 What is a SOC?
Lecture 7 SOC Tier Model
Lecture 8 Cyber Security Incident Response Process
Lecture 9 EDR, XDR, SIEM & SOAR

Section 3: Azure Basics
Lecture 10 Cloud Types
Lecture 11 Shared Responsibility Model
Lecture 12 Azure Resource Hierarchy

Section 4: Microsoft Security Basics
Lecture 13 The Microsoft Security Cosmos
Lecture 14 Defending Across Attack Chains

Section 5: Setup Lab Environment
Lecture 15 Demo: Install VirtualBox
Lecture 16 Demo: Configure Kali Keyboard Layout
Lecture 17 Install Tor Browser on Kali
Lecture 18 Deployment Prerequisites for Sentinel
Lecture 19 Demo: Create an Azure Resource Group for Sentinel
Lecture 20 Demo: Create a Log Analytics Workspace
Lecture 21 Demo: Create a Sentinel Workspace
Lecture 22 Demo: Create an Azure Resource Group for Defender for Cloud
Lecture 23 Demo: Enable All Plans in Defender for Cloud
Lecture 24 Demo: Create Virtual Machines
Lecture 25 Demo: Create a Storage Account
Lecture 26 Demo: Create a SQL Database
Lecture 27 Demo: Create an AKS Cluster
Lecture 28 Demo: Create an Azure Key Vault

Section 6: Defender for Cloud - Implement and maintain cloud security posture management
Lecture 29 What is Microsoft Defender for Cloud
Lecture 30 CSPM & CWP
Lecture 31 What is CSPM?
Lecture 32 CSPM Plans
Lecture 33 Asset Inventory
Lecture 34 Demo: Asset Inventory
Lecture 35 Security Recommendations
Lecture 36 Demo: Security Recommendations
Lecture 37 Secure Score
Lecture 38 Demo: Secure Score
Lecture 39 Remediation
Lecture 40 Demo: Remediation
Lecture 41 DevOps Security
Lecture 42 What is Defender for Servers?
Lecture 43 Agents
Lecture 44 Threat Detection for OS Level
Lecture 45 Alerts for Windows Machines
Lecture 46 Alerts for Linux Machines
Lecture 47 Demo: Brute Force SSH

Section 7: Defender for Cloud - Configure environment settings in Defender for Cloud
Lecture 48 Defender for Cloud RBAC
Lecture 49 What is CWP?
Lecture 50 Defender for Databases
Lecture 51 Defender for Storage
Lecture 52 Demo: Defender for Storage
Lecture 53 Defender for Containers
Lecture 54 Demo: Defender for Containers
Lecture 55 Defender for Key Vault
Lecture 56 Demo: Defender for Key Vault
Lecture 57 Defender for Resource Manager
Lecture 58 Demo: Defender for Resource Manager
Lecture 59 Azure Arc

Section 8: Defender for Cloud - Respond to alerts and incidents in Defender for Cloud
Lecture 60 Demo: Manage Alerts and Incidents
Lecture 61 Email Notifications
Lecture 62 Demo: Create Suppression Rules
Lecture 63 Workflow Automation
Lecture 64 Demo: Malware Scanning Response with Workflow Automation & Azure Logic Apps
Lecture 65 Demo: Generate Sample Alerts

Section 9: Sentinel - Design and configure a Microsoft Sentinel workspace
Lecture 66 Azure RBAC & Sentinel
Lecture 67 Demo: Azure RBAC & Sentinel

Section 10: Sentinel - Plan and implement the use of data connectors for ingestion
Lecture 68 Overview
Lecture 69 Typical data sources for a SIEM
Lecture 70 Demo: Content Hub
Lecture 71 Demo: Ingesting Threat Intelligence into Sentinel
Lecture 72 Demo: Verify Threat Intelligence Log Ingestion
Lecture 73 Demo: Ingesting Entra ID into Sentinel
Lecture 74 Demo: De