Overview
Lab 1 - Setting up the environment
- Create Sentinel Log Analytics Workspace
- Deploy the Microsoft Sentinel Training Lab Solution
- Configure Microsoft Sentinel Playbook
Lab 2 - Data Connectors
- Enable the Azure Activity connector
- Enable the Microsoft Defender for Cloud Data Connector
- Enable Microsoft Defender Threat Intelligence connector
Lab 3 - Analytics Rules
- Enable an Azure Activity rule
- Enable a Microsoft incident creation rule for Microsoft Defender for Cloud
- Review Fusion Rule (Advanced Multistage Attack Detection)
- Create a Microsoft Sentinel custom analytics rule
- Review resulting security incident
Lab 4 - Incident Management
- Reviewing Microsoft Sentinel incident tools and capabilities
- Handling the incident "Sign-ins from IPs that attempt sign-ins to disabled accounts"
- Handling the incident "Solorigate Network Beacon"
Lab 5 - Hunting
- Hunting on a specific MITRE technique
- Bookmarking hunting query results
- Promote a bookmark to an incident
Lab 6 - Watchlists
- Create a watchlist
- Whitelist IP addresses in the analytics rule
Lab 7 - Threat Intelligence
- Threat Intelligence data connectors
- Explore the Threat Intelligence menu
- Analytics Rules based on Threat Intelligence data
- Threat Intelligence workbook
Lab 8 - Microsoft Sentinel Content Hub
- Explore the Microsoft Sentinel Content hub
- Deploy content from Content Hub Catalog
- Review and enable deployed artifacts