SOC Masterclass: Soc Analyst Course (SOC)

COURSE OBJECTIVE:

 Not available. Please contact.

TARGET AUDIENCE:

 SOC analysts, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security. To attend this training, you should have a good hands-on experience in administering Windows infrastructure and basic around public cloud concept (Office 365, Azure).

COURSE PREREQUISITES:

Not available. Please contact.

COURSE CONTENT:

Module 1: Monitoring operations in Azure AD1. Azure Active Directory Operations and Logs
2. Azure AD Roles
3. Identity Protection – Roles, Review access, alerts, Discovery and Insights
4. How to deal with Audit Log
5. Challenging Azure AD settings in Azure and Office from red team perspective
6. Privileged Identity Management – JITA, Discover and Monitor
7. Office Management API – Logs around Office 365
8. Microsoft Azure Policies – getting started, compliance, remediation, assignments, blueprints
9. LabsModule 2: Microsoft 365 security1. Secure Score and Security Center
2. Best Practices for Improving Your Secure Score
3. Azure Defender for Servers
4. Security Benchmark Policy
5. Labs
6. STIG & CIS – cloud security baselineModule 3: Microsoft 365 Defender for Endpoint – EDR1. Intro 101 (configuration, device inventory, concept, Report, alerts) and EDR deployment
2. Security Operations best practices with Microsoft EDR
3. How to manage Incidents
4. Kusto language 101 – basic and advanced queries
5. Advanced Hunting
6. Partner & APIs
7. Hacker ways to hide malware and bypass EDR
8. Attacks examples and remediation labs
9. EDR Integration with Microsoft Defender for Identity
10. EDR Integration with Microsoft Defender for Office 365Module 4: Extended Detection and Response with Sentinel1. Sentinel 101 – Azure Sentinel Dashboards, Connectors
2. Understanding Normalization in Azure Sentinel
3. Cloud & on-prem architecture
4. Workbooks deep dive – Visualize your security threats and hunts
5. Incidents
6. KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL queries performance
7. Auditing and monitoring your Azure Sentinel workspace
8. Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
9. Fusion ML Detections with Scheduled Analytics Rules
10. Streamlining your SOC Workflow with Automated Notebooks
11. Customizing Azure Sentinel with Python
12. Best Practices for Converting Detection Rules from Splunk, QRadar, and ArcSight to Azure Sentinel Rules
13. Deep Dive into Azure Sentinel Innovations
14. Investigating Azure Security Center alerts using Azure Sentinel
15. Customizable Anomalies and How to Use Them
16. Introduction to Monitoring SAP with Azure Sentinel for Security Professionals
17. Hunting in Sentinel
18. Deep Dive on Threat Intelligence
19. End-to-End SOC scenario with SentinelModule 5: Microsoft Cloud App Security1. Intro do MCAS
2. Enabling Secure Remote Work
3. App Discovery and Log Collector Configuration
4. Extending real-time monitoring & controls to any app
5. Connecting 3rd party Applications
6. Automation and integration with Microsoft Flow
7. Conditional Access App Control
8. Threat detection
9. Information Protection
10. Labs: Protect Your Environment Using MCAS
11. DLP in Microsoft stack – how to deploy and monitor using MCAS and Sentinel

FOLLOW ON COURSES:

Not available. Please contact.