SC-200T00: Microsoft Security Operations Analyst
Course data
Introduction
Audio Book SC-200T00
Lesson 1: SC-200: Mitigate threats using Microsoft Defender XDR
Audio Lesson 1: SC-200: Mitigate threats using Microsoft Defender XDR
Podcast Lesson 1: SC-200: Mitigate threats using Microsoft Defender XDR
1.1.1 Introduction
1.1.2 Explore Extended Detection & Response (XDR) response use cases
1.1.3 Understand Microsoft Defender XDR in a Security Operations Center (SOC)
1.1.4 Explore Microsoft Security Graph
1.1.5 Summary and resources
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
1.2.1 Introduction
1.2.2 (Part 1) Use the Microsoft Defender portal
1.2.2 (Part 2) Use the Microsoft Defender portal
1.2.3 (Part 1) Manage incidents
1.2.3 (Part 2) Manage incidents
1.2.4 Investigate incidents
1.2.5 (Part 1) Manage and investigate alerts
1.2.5 (Part 2) Manage and investigate alerts
1.2.6 Manage automated investigations
1.2.7 (Part 1) Use the action center
1.2.7 (Part 2) Use the action center
1.2.8 (Part 1) Explore advanced hunting
1.2.8 (Part 2) Explore advanced hunting
1.2.9 Investigate Microsoft Entra sign-in logs
1.2.10 Understand Microsoft Secure Score
1.2.11 (Part 1) Analyze threat analytics
1.2.11 (Part 2) Analyze threat analytics
1.2.12 Analyze reports
1.2.13 Configure the Microsoft Defender portal
1.2.14 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
1.3.1 Introduction to Microsoft Defender for Office 365
1.3.2 Automate, investigate, and remediate
1.3.3 Configure, protect, and detect
1.3.4 Simulate attacks
1.3.5 Summary and knowledge check
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
1.4.1 Introduction
1.4.2 Review identity protection basics
1.4.3 Implement and manage user risk policy
1.4.4 (Part 1) Monitor, investigate, and remediate elevated risky users
1.4.4 (Part 2) Monitor, investigate, and remediate elevated risky users
1.4.5 Implement security for workload identities
1.4.6 Explore Microsoft Defender for Identity
1.4.7 Summary and resources
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
1.5.1 Introduction to Microsoft Defender for Identity
1.5.2 Configure Microsoft Defender for Identity sensors
1.5.3 Review compromised accounts or data
1.5.4 Integrate with other Microsoft tools
1.5.5 Summary and knowledge check
Interactive Quiz/Activity- Tab
Graded Assessment- 5 Question
1.6.1 Introduction
1.6.2 Understand the Defender for Cloud Apps Framework
1.6.3 Explore your cloud apps with Cloud Discovery
1.6.4 Protect your data and apps with Conditional Access App Control
1.6.5 Classify and protect sensitive information
1.6.6 Detect Threats
1.6.7 Summary
Interactive Quiz/Activity- Flip Card
Graded Assessment- 5 Question
Lesson 2: SC-200: Mitigate threats using Microsoft Security Copilot
Audio Lesson 2: SC-200: Mitigate threats using Microsoft Security Copilot
Podcast Lesson 2: SC-200: Mitigate threats using Microsoft Security Copilot
2.1.1 Introduction
2.1.2 What is generative AI?
2.1.3 What are language models?
2.1.4 Using language models
2.1.5 Copilot and AI agents
2.1.6 Understand Microsoft Copilot
2.1.7 Considerations for prompts
2.1.8 Extending and developing copilot-like agents
2.1.9 Summary
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
2.2.1 Introduction
2.2.2 Get acquainted with Microsoft Security Copilot
2.2.3 Describe Microsoft Security Copilot terminology
2.2.4 Describe how Microsoft Security Copilot processes prompt requests
2.2.5 Describe the elements of an effective prompt
2.2.6 (Part 1) Describe how to enable Microsoft Security Copilot
2.2.6 (Part 2) Describe how to enable Microsoft Security Copilot
2.2.7 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
2.3.1 Introduction
2.3.2 (Part 1) Describe the features available in the standalone experience of Microsoft Security Copilot
2.3.2 (Part 2) Describe the features available in the standalone experience of Microsoft Security Copilot
2.3.3 Describe the features available in a session of the standalone experience
2.3.3.1 Describe Workspaces
2.3.4 (Part 1) Describe the Microsoft plugins available in Microsoft Security Copilot
2.3.4 (Part 2) Describe the Microsoft plugins available in Microsoft Security Copilot
2.3.4 (Part 3) Describe the Microsoft plugins available in Microsoft Security Copilot
2.3.5 Describe the non-Microsoft plugins supported by Microsoft Security Copilot
2.3.6 Describe custom promptbooks
2.3.7 Describe knowledge base connections
2.3.8 Summary and resources
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
2.4.1 Introduction
2.4.2 (Part 1) Describe Copilot in Microsoft Defender XDR
2.4.2 (Part 2) Describe Copilot in Microsoft Defender XDR
2.4.3 Copilot in Microsoft Purview
2.4.4 Copilot in Microsoft Entra
2.4.5 Copilot in Microsoft Intune
2.4.6 Copilot in Microsoft Defender for Cloud (Preview)
2.4.7 Summary and resources
Interactive Quiz/Activity- Tab
Graded Assessment- 5 Question
2.5.1 Introduction
2.5.2 Explore the first run experience
2.5.3 (Part 1) Explore the standalone experience
2.5.3 (Part 2) Explore the standalone experience
2.5.4 Configure the Microsoft Sentinel plugin
2.5.5 Enable a custom plugin
2.5.6 Explore file uploads as a knowledge base
2.5.7 Create a custom promptbook
2.5.8 Explore the capabilities of Copilot in Microsoft Defender XDR
2.5.9 Explore the capabilities of Copilot in Microsoft Purview
2.5.10 Summary and resources
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
Lesson 3: SC-200: Mitigate threats using Microsoft Purview
Audio Lesson 3: SC-200: Mitigate threats using Microsoft Purview
Podcast Lesson 3: SC-200: Mitigate threats using Microsoft Purview
3.1.1 Introduction
3.1.2 Describe data loss prevention alerts
3.1.3 Investigate data loss prevention alerts in Microsoft Purview
3.1.4 Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps
3.1.5 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
3.2.1 Insider risk management overview
3.2.2 (Part 1) Introduction to managing insider risk policies
3.2.2 (Part 2) Introduction to managing insider risk policies
3.2.3 Create and manage insider risk policies
3.2.4 Investigate insider risk alerts
3.2.5 (Part 1) Take action on insider risk alerts through cases
3.2.5 (Part 2) Take action on insider risk alerts through cases
3.2.6 (Part 1) Manage insider risk management forensic evidence
3.2.6 (Part 2) Manage insider risk management forensic evidence
3.2.7 Create insider risk management notice templates
3.2.8 Summary and knowledge check
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
3.3.1 Introduction
3.3.2 Microsoft Purview Audit overview
3.3.3 Configure and manage Microsoft Purview Audit
3.3.4 Conduct searches with Audit (Standard)
3.3.5 Audit Microsoft Copilot for Microsoft 365 interactions
3.3.6 Investigate activities with Audit (Premium)
3.3.7 Export audit log data
3.3.8 Configure audit retention with Audit (Premium)
3.3.9 Summary
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
3.4.1 Introduction
3.4.2 Explore Microsoft Purview eDiscovery solutions
3.4.3 Create a content search
3.4.4 View the search results and statistics
3.4.5 (Part 1) Export the search results and search report
3.4.5 (Part 2) Export the search results and search report
3.4.6 (Part 1) Configure search permissions filtering
3.4.6 (Part 2) Configure search permissions filtering
3.4.7 Search for and delete email messages
3.4.8 Summary
Interactive Quiz/Activity- Tab
Graded Assessment- 5 Question
Lesson 4: SC-200: Mitigate threats using Microsoft Defender for Endpoint
Audio Lesson 4: SC-200: Mitigate threats using Microsoft Defender for Endpoint
Podcast Lesson 4: SC-200: Mitigate threats using Microsoft Defender for Endpoint
4.1.1 Introduction to Microsoft Defender for Endpoint
4.1.2 Practice security administration
4.1.3 Hunt threats within your network
4.1.4 Summary and knowledge check
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
4.2.1 Introduction
4.2.2 Create your environment
4.2.3 Understand operating systems compatibility and features
4.2.4 Onboard devices
4.2.5 Manage access
4.2.6 Create and manage roles for role-based access control
4.2.7 Configure device groups
4.2.8 (Part 1) Configure environment advanced features
4.2.8 (Part 2) Configure environment advanced features
4.2.9 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
4.3.1 Introduction
4.3.2 Understand attack surface reduction
4.3.3 (Part 1) Enable attack surface reduction rules
4.3.3 (Part 2) Enable attack surface reduction rules
4.3.4 Summary and resources
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
4.4.1 Introduction
4.4.2 Use the device inventory list
4.4.3 Investigate the device
4.4.4 Use behavioral blocking
4.4.5 Detect devices with device discovery
4.4.6 Summary and resources
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
4.5.1 Introduction
4.5.2 Explain device actions
4.5.3 Run Microsoft Defender antivirus scan on devices
4.5.4 Collect investigation package from devices
4.5.5 (Part 1) Initiate live response session
4.5.5 (Part 2) Initiate live response session
4.5.6 Summary and resources
Interactive Quiz/Activity- Flip Card
Graded Assessment- 5 Question
4.6.1 Introduction
4.6.2 (Part 1) Investigate a file
4.6.2 (Part 2) Investigate a file
4.6.3 Investigate a user account
4.6.4 Investigate an IP address
4.6.5 Investigate a domain
4.6.6 Summary and resources
Interactive Quiz/Activity- Carousel/Slideshow
Graded Assessment- 5 Question
4.7.1 Introduction
4.7.2 Configure advanced features
4.7.3 Manage automation upload and folder settings
4.7.4 Configure automated investigation and remediation capabilities
4.7.5 Block at risk devices
4.7.6 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
4.8.1 Introduction
4.8.2 Configure advanced features
4.8.3 Configure alert notifications
4.8.4 Manage alert suppression
4.8.5 (Part 1) Manage indicators
4.8.5 (Part 2) Manage indicators
4.8.6 Summary and resources
Interactive Quiz/Activity- Tab
Graded Assessment- 5 Question
4.9.1 Introduction
4.9.2 Understand vulnerability management
4.9.3 Explore vulnerabilities on your devices
4.9.4 Manage remediation
4.9.5 Summary and resources
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
Lesson 5: SC-200: Mitigate threats using Microsoft Defender for Cloud
Audio Lesson 5: SC-200: Mitigate threats using Microsoft Defender for Cloud
Podcast Lesson 5: SC-200: Mitigate threats using Microsoft Defender for Cloud
5.1.1 Introduction
5.1.2 Explain Microsoft Defender for Cloud
5.1.3 Describe Microsoft Defender for Cloud workload protections
5.1.4 Enable Microsoft Defender for Cloud
5.1.5 Summary and resources
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
5.2.1 Introduction
5.2.2 Explore and manage your resources with asset inventory
5.2.3 Configure auto provisioning
5.2.4 Manual log analytics agent provisioning
5.2.5 Summary and resources
Interactive Quiz/Activity- Flip Card
Graded Assessment- 5 Question
5.3.1 Introduction
5.3.2 Protect non-Azure resources
5.3.3 Connect non-Azure machines
5.3.4 Connect your AWS accounts
5.3.5 Connect your GCP accounts
5.3.6 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
5.4.1 Introduction
5.4.2 Explore Secure Score
5.4.3 Explore Recommendations
5.4.4 Measure and enforce regulatory compliance
5.4.5 Understand Workbooks
5.4.6 Summary and resources
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
5.5.1 Introduction
5.5.2 Understand Microsoft Defender for servers
5.5.3 Understand Microsoft Defender for App Service
5.5.4 Understand Microsoft Defender for Storage
5.5.5 Understand Microsoft Defender for SQL
5.5.6 Understand Microsoft Defender for open-source databases
5.5.7 Understand Microsoft Defender for Key Vault
5.5.8 Understand Microsoft Defender for Resource Manager
5.5.9 Understand Microsoft Defender for DNS
5.5.10 Understand Microsoft Defender for Containers
5.5.11 Understand Microsoft Defender additional protections
5.5.12 Summary and resources
Interactive Quiz/Activity- Carousel/Slideshow
Graded Assessment- 5 Question
5.6.1 Introduction
5.6.2 (Part 1) Understand security alerts
5.6.2 (Part 2) Understand security alerts
5.6.3 Remediate alerts and automate responses
5.6.4 Suppress alerts from Defender for Cloud
5.6.5 Generate threat intelligence reports
5.6.6 Respond to alerts from Azure resources
5.6.7 Summary and resources
Interactive Quiz/Activity- Tab
Graded Assessment- 5 Question
Lesson 6: SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Audio Lesson 6: SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Podcast Lesson 6: SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
6.1.1 Introduction
6.1.2 Understand the Kusto Query Language statement structure
6.1.3 Use the search operator
6.1.4 Use the where operator
6.1.5 Use the let statement
6.1.6 Use the extend operator
6.1.7 Use the order by operator
6.1.8 Use the project operators
6.1.9 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
6.2.1 Introduction
6.2.2 Use the summarize operator
6.2.3 Use the summarize operator to filter results
6.2.4 Use the summarize operator to prepare data
6.2.5 Use the render operator to create visualizations
6.2.6 Summary and resources
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
6.3.1 Introduction
6.3.2 Use the union operator
6.3.3 Use the join operator
6.3.4 Summary and resources
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
6.4.1 Introduction
6.4.2 Extract data from unstructured string fields
6.4.3 Extract data from structured string data
6.4.4 Integrate external data
6.4.5 Create parsers with functions
6.4.6 Summary and resources
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
Lesson 7: SC-200: Configure your Microsoft Sentinel environment
Audio Lesson 7: SC-200: Configure your Microsoft Sentinel environment
Podcast Lesson 7: SC-200: Configure your Microsoft Sentinel environment
7.1.1 Introduction
7.1.2 What is Microsoft Sentinel?
7.1.3 How Microsoft Sentinel works
7.1.4 When to use Microsoft Sentinel
7.1.5 Summary
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
7.2.1 Introduction
7.2.2 Plan for the Microsoft Sentinel workspace
7.2.3 Create a Microsoft Sentinel workspace
7.2.4 Manage workspaces across tenants using Azure Lighthouse
7.2.5 Understand Microsoft Sentinel permissions and roles
7.2.6 Manage Microsoft Sentinel settings
7.2.7 Configure logs
7.2.8 Summary and resources
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
7.3.1 Introduction
7.3.2 Query logs in the logs page
7.3.3 Understand Microsoft Sentinel tables
7.3.4 Understand common tables
7.3.5 Understand Microsoft Defender XDR tables
7.3.6 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
7.4.1 Introduction
7.4.2 Plan for watchlists
7.4.3 Create a watchlist
7.4.4 Manage watchlists
7.4.5 Summary and resources
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
7.5.1 Introduction
7.5.2 Define threat intelligence
7.5.3 Manage your threat indicators
7.5.4 View your threat indicators with KQL
7.5.5 Summary and resources
Interactive Quiz/Activity- Flip Card
Graded Assessment- 5 Question
7.6.1 Introduction
7.6.2 Understand the benefits of integrating Microsoft Sentinel with Defender XDR
7.6.3 Explore the capability differences between Microsoft Defender XDR and Microsoft Sentinel portals
7.6.4 Onboarding Microsoft Sentinel to Microsoft Defender XDR
7.6.5 Explore Microsoft Sentinel features in Microsoft Defender XDR
7.6.5.1 Search for specific events across large datasets in Microsoft Sentinel
7.6.5.2 Restore archived logs from search
7.6.5.3 Visualize and monitor your data by using workbooks in Microsoft Sentinel
7.6.5.4 (Part 1) Conduct end-to-end threat hunting with Hunts
7.6.5.4 (Part 2) Conduct end-to-end threat hunting with Hunts
7.6.5.5 Use hunting bookmarks for data investigations
7.6.5.6 Use hunting Livestream in Microsoft Sentinel to detect threat
7.6.5.7 Hunt for security threats with Jupyter notebooks
7.6.5.8 Add indicators in bulk to Microsoft Sentinel threat intelligence from a CSV or JSON file
7.6.5.9 Work with threat indicators in Microsoft Sentinel
7.6.5.10 Understand security coverage by the MITRE ATT&CK framework
7.6.5.11 Discover and manage Microsoft Sentinel out-of-the-box content
7.6.5.12 Microsoft Sentinel content hub catalog
7.6.5.13 Deploy content as code from your repository
7.6.5.14 Find your Microsoft Sentinel data connector
7.6.5.15.1 Create custom analytics rules to detect threats
7.6.5.15.2 Create custom analytics rules to detect threats
7.6.5.16 Work with near-real-time (NRT) detection analytics rules in Microsoft Sentinel
7.6.5.17 Create watchlists
7.6.5.18 Manage watchlists in Microsoft Sentinel
7.6.5.19 Create automation rules
7.6.5.20 Create and customize Microsoft Sentinel playbooks from content templates
7.6.6 Summary
Interactive Quiz/Activity- Carousel/Slideshow
Graded Assessment- 5 Question
Lesson 8: SC-200: Connect logs to Microsoft Sentinel
Audio Lesson 8: SC-200: Connect logs to Microsoft Sentinel
Podcast Lesson 8: SC-200: Connect logs to Microsoft Sentinel
8.1.1 Introduction
8.1.2 Ingest log data with data connectors
8.1.3 Understand data connector providers
8.1.4 View connected hosts
8.1.5 Summary and resources
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
8.2.1 Introduction
8.2.2 Plan for Microsoft services connectors
8.2.3 Connect the Microsoft 365 connector
8.2.4 Connect the Microsoft Entra connector
8.2.5 Connect the Microsoft Entra ID Protection connector
8.2.6 Connect the Azure Activity connector
8.2.7 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
8.3.1 Introduction
8.3.2 Plan for Microsoft Defender XDR connectors
8.3.3 Connect the Microsoft Defender XDR connector
8.3.4 Connect Microsoft Defender for Cloud connector
8.3.5 Connect Microsoft Defender for IoT
8.3.6 Connect Microsoft Defender legacy connectors
8.3.7 Summary and resources
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
8.4.1 Introduction
8.4.2 Plan for Windows hosts security events connector
8.4.3 Connect using the Windows Security Events via AMA Connector
8.4.4 Connect using the Security Events via Legacy Agent Connector
8.4.5 Collect Sysmon event logs
8.4.6 Summary and resources
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
8.5.1 Introduction
8.5.2 Plan for Common Event Format connector
8.5.3 Connect your external solution using the Common Event Format connector
8.5.4 Summary and resources
Interactive Quiz/Activity- Flip Card
Graded Assessment- 5 Question
8.6.1 Introduction
8.6.2 Plan for syslog data collection
8.6.3 Collect data from Linux-based sources using syslog
8.6.4 Configure the Data Collection Rule for Syslog Data Sources
8.6.5 Parse syslog data with KQL
8.6.6 Summary and resources
Interactive Quiz/Activity- Tab
Graded Assessment- 5 Question
8.7.1 Introduction
8.7.2 Plan for threat intelligence connectors
8.7.3 Connect the Defender Threat Intelligence connector
8.7.4 Connect the threat intelligence TAXII connector
8.7.5 Connect the threat intelligence Upload API connector
8.7.6 View your threat indicators with KQL
8.7.7 Summary and resources
Interactive Quiz/Activity- Carousel/Slideshow
Graded Assessment- 5 Question
Lesson 9: SC-200: Create detections and perform investigations using Microsoft Sentinel
Audio Lesson 9: SC-200: Create detections and perform investigations using Microsoft Sentinel
Podcast Lesson 9: SC-200: Create detections and perform investigations using Microsoft Sentinel
9.1.1 Introduction
9.1.2 What is Microsoft Sentinel Analytics?
9.1.3 Types of analytics rules
9.1.4 Create an analytics rule from templates
9.1.5 Create an analytics rule from wizard
9.1.6 Manage analytics rules
9.1.7 Summary
Interactive Quiz/Activity- Drag-and-Drop
Graded Assessment- 5 Question
9.2.1 Introduction
9.2.2 Understand automation options
9.2.3 Create automation rules
9.2.4 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
9.3.1 Introduction
9.3.2 What are Microsoft Sentinel playbooks?
9.3.3 Trigger a playbook in real-time
9.3.4 Run playbooks on demand
9.3.5 Summary
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
9.4.1 Introduction
9.4.2 Understand incidents
9.4.3 Incident evidence and entities
9.4.4 Incident management
9.4.5 Summary
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
9.5.1 Introduction
9.5.2 Understand behavioral analytics
9.5.3 Explore entities
9.5.4 Display entity behavior information
9.5.5 Use Anomaly detection analytical rule templates
9.5.6 Summary and resources
Interactive Quiz/Activity- Tab
Graded Assessment- 5 Question
9.6.1 Introduction
9.6.2 Understand data normalization
9.6.3 Use ASIM Parsers
9.6.4 Understand parameterized KQL functions
9.6.5 Create an ASIM Parser (Part 1)
9.6.5 Create an ASIM Parser (Part 2)
9.6.6 Configure Azure Monitor Data Collection Rules
9.6.7 Summary and resources
Interactive Quiz/Activity- Flip Card
Graded Assessment- 5 Question
9.7.1 Introduction
9.7.2 Monitor and visualize data
9.7.3 Query data using Kusto Query Language
9.7.4 Use default Microsoft Sentinel Workbooks
9.7.5 Create a new Microsoft Sentinel Workbook
9.7.6 Summary
Interactive Quiz/Activity- Carousel/Slideshow
Graded Assessment- 5 Question
9.8.1 Introduction
9.8.2 Use solutions from the content hub
9.8.3 Use repositories for deployment
9.8.4 Summary and resources
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
Lesson 10: SC-200: Perform threat hunting in Microsoft Sentinel
Audio Lesson 10: SC-200: Perform threat hunting in Microsoft Sentinel
Podcast Lesson 10: SC-200: Perform threat hunting in Microsoft Sentinel
10.1.1 Introduction
10.1.2 Understand cybersecurity threat hunts
10.1.3 Develop a hypothesis
10.1.4 Explore MITRE ATT&CK
10.1.5 Summary and resources
Interactive Quiz/Activity- Hotspot
Graded Assessment- 5 Question
10.2.1 Introduction
10.2.2 Explore creation and management of threat-hunting queries
10.2.3 Save key findings with bookmarks
10.2.4 Observe threats over time with livestream
10.2.5 Summary
Interactive Quiz/Activity- Short Answer
Graded Assessment- 5 Question
10.3.1 Introduction
10.3.2 Hunt with a Search Job
10.3.3 Restore historical data
10.3.4 Summary and resources
Interactive Quiz/Activity- True/False
Graded Assessment- 5 Question
10.4.1 Introduction
10.4.2 Access Azure Sentinel data with external tools
10.4.3 Hunt with notebooks
10.4.4 Create a notebook
10.4.5 Explore notebook code
10.4.6 Summary and resources
Interactive Quiz/Activity- Sequence
Graded Assessment- 5 Question
Resources
SC-200T00 Blueprint
SC-200T00 Detailed Curriculum