on-demand course

SC-200: Microsoft Security Operations Analyst

with Anand Rao Nednur

June 2022

Advanced

12h 50m

English

Packt Publishing

Closed Captioning available in English

Watch now

Unlock full access

Includes

Badge

Course outline

The Need for SOC Team
4m 20s
SC-200 - Microsoft Security Operations Analyst - Course Introduction
2m 34s
SC-200 - Microsoft Security Operations Analyst - Recent Update
2m 8s
Module 1 - Learning Objectives
1m 11s
Introduction to Threat Protection
3m 27s
Microsoft 365 Defender Suite
1m 31s
Typical Timeline of an Attack
2m 43s
Microsoft 365 Defender - Interactive Demonstration
2m 11s
Mitigate Incidents Using Microsoft 365 Defender - Chapter Introduction
2m 3s
How to Create Your Playground - Lab Environment
5m 20s
Microsoft 365 Defender Portal - Introduction
4m 17s
Managing Incidents
2m 43s
More about Incidents
3m 55s
Simulate Incidents - Tor Browser
1m 52s
Managing Incidents
4m 21s
Managing Alerts
5m 43s
Investigating Incidents - MITRE ATT-A-CK
7m 57s
Advance Hunting
1m 57s
Advance Hunting Schema
4m 29s
Exploring the Kusto Queries
7m 41s
Microsoft Threat Experts
1m 50s
Microsoft Defender for Office 365 - Chapter Introduction
37s
Microsoft Defender for Office 365 - Key Capabilities
4m 23s
Microsoft Defender for Office 365 - Key Capabilities - II
2m 48s
Safeguard Your Organization- M365 Defender for O365 - Lab I
10m 49s
Safeguard Your Organization- M365 Defender for O365 - Lab II
2m 33s
Attack Simulation - Lab Activity
10m 12s
Microsoft Defender for Identity - Introduction
43s
What Is Microsoft Defender for Identity
1m 22s
Microsoft Defender for Identity - Key Capabilities
6m 25s
Installing Sensors on Domain Controller - 1
3m 44s
Installing Sensors on Domain Controller - 2
2m 8s
Capturing Lateral Movements
10m 54s
Threat Hunting Lab
5m 48s
Microsoft Defender for Identity Sensors - Architecture
1m 13s
Protect Your Identities with Azure AD Identity Protection - Introduction
1m 20s
User Risks and Sign-In Risks
3m 16s
User Risk Policy and Sign-In Risk Policy - Lab Activity
7m 12s
Cloud App Security - Introduction
49s
The Cloud App Security Framework
4m 18s
Conditional Access App Controls
5m 41s
What Is Information Protection?
2m 46s
Insider Risk Management - Enable Auditing
45s
Phases of Cloud App security
3m 5s
Cloud App security Phases - Lab Activity
5m 57s
Data Loss Prevention - Chapter Introduction
1m 4s
DLP Alerts
2m 17s
Create Policies for DLP in Compliance Portal
6m 46s
Insider Risk Management
1m 5s
What Is Insider Risk
4m 1s
Pain Points of a Modern Workplace
1m 48s
Insider Risk management with M365 Defender
1m 46s
Insider Risk Management - Permissions
4m 15s
Module 1 - Summary
1m 2s
Module 2 - Introduction
49s
Defender for Endpoint - Features
2m 42s
Defender for Endpoint - Terminology
1m 53s
Onboarding Devices to Defender
13m 3s
Windows 10 Security Enhancements - Chapter Introduction
1m 4s
Attack Surface Reduction Rules
3m 37s
Attack Surface Rules
8m 7s
Device Inventory
4m 43s
Device Investigation -Alerts
8m 19s
Behavioral Blocking
2m 30s
Client Behavioral Blocking
1m 29s
EDR- Block Mode
1m 8s
EDR- Block Mode - Lab Activity
2m 10s
Performing Actions on the Device
11m 3s
Live Response
4m 55s
Perform Evidence and Entities Investigations
2m 43s
User Investigations
3m 51s
Advance Automated Remediation Features - Endpoint
4m 8s
Managing File Uploads
2m 1s
Automation Folder Exclusion
1m 31s
File Level Investigation
7m 44s
Automating Device Group Remediation
3m 26s
Blocking Risky Devices Using Intune, Defender, and Azure AD
10m 10s
Configure Alerts and Detections - Chapter Introduction
53s
Configuring Advance Features
2m 18s
Configuring Email Notifications
5m 15s
Indicators of Compromise
4m 55s
Threat and Vulnerability Management - Chapter Introduction
59s
Threat and Vulnerability Management - Explanation
5m 38s
Module 2 - Summary
2m 35s
Module 3 - Introduction
1m 8s
What Is Azure Security Center
2m 49s
Microsoft Defender for Cloud - Features
6m 41s
Azure Defender for Cloud - Lab Activity
12m 54s
CSPM and CWP
1m 49s
Which Resources Are Protected Using Microsoft Defender
1m 35s
Benefits of Azure Defender for Servers
8m 25s
Defender for App Services
3m 49s
Defender for App Services - Lab
2m 53s
Defender for Storage - Lab
6m 26s
Defender for SQL - Lab
6m 45s
Defender for Keyvault
2m 28s
Defender for DNS
3m 17s
Defender for Kubernetes
6m 26s
Defender for Container Registry
3m 59s
Connect Azure Assets to Azure Defender- Chapter Introduction
42s
Asset Inventory - Lab
4m 44s
Auto-Provisioning
4m 21s
Stored Event Types
2m 15s
Manual Provisioning
44s
Connect Non-Azure Resources to Defender
37s
Onboarding Methods
1m 1s
Onboard GCP Instance to Azure ARC
9m 2s
Onboarding AWS Services to Defender Cloud
7m 4s
Remediating Security Alerts- Chapter Introduction
50s
Changing World and Attackers
2m 20s
What Are Security Alerts and Notifications
1m 23s
How Does a Defender Work?
3m 46s
Alert Severity Level
2m 6s
Continuous Monitoring and Assessments
1m 37s
MITRE Attack Tactics and Alert Types
4m 41s
Remediating Alerts
2m 54s
Automated Responses
2m 45s
Alert Suppression
2m 58s
Module 3 - Summary
1m 10s
Module 4 - Introduction
1m 23s
The Construct of KQL Language
2m 8s
The Lab Environment
4m 16s
Declaring Variables with Let
5m 32s
Search and Where Operator
6m 20s
Extend Operator
3m 15s
Order by Usage
3m 30s
Project Operator
6m 55s
Summarize, Count, and DCount Functions
8m 54s
Arg_Max and Arg_Min Functions
3m 12s
Make_List and Make_Set Functions
3m 16s
Render Operator
10m 37s
Bin Function
5m 8s
Union Operator
3m 21s
Module 4 Summary
1m 11s
What Is a SIEM Solution
1m 57s
What Is Microsoft Sentinel
2m 32s
Microsoft Sentinel - Components
24s
Data Connectors
1m 0s
Log Retention
56s
Workbooks
51s
Analytics Alerts
49s
Threat Hunting
46s
Incidents and Investigations
49s
Automation Playbooks
1m 19s
Creating Azure Sentinel Workspace
4m 18s
Azure Sentinel - RBAC
8m 48s
Data Connectors
5m 39s
Onboarding Windows host to Sentinel
3m 22s
Ingesting Events to Sentinel
2m 46s
Sentinel Watchlist
2m 13s
Sentinel - Creating a Watchlist for Tor Nodes-Edited
6m 50s
Sentinel - Create Hunting Query
17m 20s
Sentinel - Live Stream
1m 54s
Sentinel - Capturing Traffic from TOR Exit Nodes
7m 52s
Sentinel - Create Analytical Rules
7m 46s
Analytical Rule Type - Fusion
4m 13s
Analytical Rule Types - Security Types
1m 38s
Analytical Rule Types - ML-Based Behavioral Analytics
1m 12s
Analytical Rule Types - Anomaly, Scheduled Alerts, and NRT
2m 26s
Creating Analytics Rules Based on Template
2m 1s
Creating Analytic Rules Based on Wizard
7m 53s
Managing the Rules
2m 57s
Define Threat Intelligence - CTI
3m 14s
Create TI - Lab Activity
5m 43s
Module 6 Introduction
37s
Connect M365 Defender to Sentinel
1m 12s
Office 365 Log Connector
2m 25s
Azure Activity Log Connector
2m 7s
Azure Active Directory Identity Protection Connector
2m 28s
Defender for Office 365 Connector
2m 34s
Defender for Endpoint Connector
4m 24s
Connect Threat Indicators to Microsoft Sentinel
6m 22s
Module 7 Introduction
36s
Key Concepts of Incident Management - I
1m 11s
Investigations in Azure Sentinel
2m 22s
Key Concepts of Incident Management - II
6m 14s
Incident Management in Microsoft Sentinel - I
5m 23s
Incident Management in Microsoft Sentinel - II
4m 8s
Brute Force Attack against Azure Portal - Simulation
3m 43s
Threat Response with Microsoft Sentinel Playbooks - Introduction/Use Case
2m 35s
Step 1 - Creating Analytical Rule to Look for Role Membership Changes
5m 52s
Step 2 - Integrate Log Analytics with Azure AD Audit Logs
3m 11s
Step 3 - Verify Log Analytics
2m 9s
Step 4 - Incident Creation in Sentinel
3m 21s
Step 5 - Create Logic App to Integrate with Microsoft Teams
10m 10s
Step 6 - Edit Analytical Rule to Add Logic App - Playbooks
1m 42s
Testing the Integration
3m 9s
UEBA - User Entity Behavior Analytics - Introduction
5m 7s
Entity Behavior Lab -I
4m 20s
Entity Behavior Lab -II
4m 46s
Workbooks - Introduction
1m 28s
Create Workbooks Using Template
8m 38s
Create Workbook from scratch
7m 6s
Module 8 Introduction
44s
Cyber Security Threat Hunting
3m 3s
The Need for Proactive Hunting
2m 22s
Develop a Threat Hunting Hypothesis
4m 1s
Threat Hunting - Recap
6m 13s
Notebooks - Introduction
1m 12s
Sentinel Notebooks - Lab Activity
8m 53s
Microsoft Security Operations Analyst - Course Summary
3m 28s

Overview

In this 13 hr course, you'll transform your skills to function as a proficient Microsoft Security Operations Analyst. Dive deep into Microsoft Defender and Azure Sentinel to excel in threat mitigation, monitoring, and response.

What I will be able to do after this course

Learn to identify vulnerabilities and remediate risks using Microsoft Defender for Endpoint.
Understand how to configure settings and manage indicators efficiently in a SOC environment.
Develop proficiency in creating advanced queries using Kusto Query Language (KQL) for threat analysis.
Get hands-on experience connecting and analyzing logs in the Microsoft Sentinel environment.
Master the fundamental skills needed to pass the SC-200: Microsoft Security Operations Analyst exam.

Course Instructor(s)

Anand Rao Nednur is a seasoned professional specializing in enterprise security and cloud solutions. With extensive industry experience and a talent for breaking down complex concepts, his teaching approach focuses on practical applications blended with robust exam-preparation strategies.

Who is it for?

This course is ideal for IT professionals and aspiring SOC engineers aiming for SC-200 certification and advancing their career in security. A basic understanding of Microsoft 365 and networking essentials is recommended to make the learning experience seamless.

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.

Watch now

Unlock full access

More than 5,000 organizations count on O’Reilly

O’Reilly covers everything we've got, with content to help us build a world-class technology community, upgrade the capabilities and competencies of our teams, and improve overall team performance as well as their engagement.

Julian F.

Head of Cybersecurity

I wanted to learn C and C++, but it didn't click for me until I picked up an O'Reilly book. When I went on the O’Reilly platform, I was astonished to find all the books there, plus live events and sandboxes so you could play around with the technology.

Addison B.

Field Engineer

I’ve been on the O’Reilly platform for more than eight years. I use a couple of learning platforms, but I'm on O'Reilly more than anybody else. When you're there, you start learning. I'm never disappointed.

Amir M.

Data Platform Tech Lead

I'm always learning. So when I got on to O'Reilly, I was like a kid in a candy store. There are playlists. There are answers. There's on-demand training. It's worth its weight in gold, in terms of what it allows me to do.

Mark W.

Embedded Software Engineer

SC-200 Microsoft Security Operations Analyst

Publisher Resources

ISBN: 9781804611777

Cloud Computing

Data Engineering

Data Science

AI & ML

Programming Languages

Software Architecture

IT/Ops

Security

Design

Business

Soft Skills

SC-200: Microsoft Security Operations Analyst

with Anand Rao Nednur

Chapter 1 : Introduction

Chapter 2 : Module 1- Mitigate Threats Using Microsoft 365 Defender

Chapter 3 : Module 2 - Mitigate Threats Using Microsoft Defender for Endpoint

Chapter 4 : Module 3 - Mitigate Threats Using Microsoft Defender for Cloud

Chapter 5 : Module 4 - Create Queries for Microsoft Sentinel Using Kusto Query Language

Chapter 6 : Module 5 - Microsoft Sentinel Environment - Configuration

Chapter 7 : Module 6 - Microsoft Sentinel Environment - Connecting Logs

Chapter 8 : Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA, and Monitoring

Chapter 9 : Module 8 - Perform Threat Hunting with Microsoft Sentinel

Chapter 10 : SC 200 - Microsoft Security Operations Analyst - Course Summary