SC-200: Microsoft Security Operations Analyst
Intro
The Need for SOC Team (4:18)
SC-200: Microsoft Security Operations Analyst - Course Introduction (2:30)
Module 1 - Mitigate threats using Microsoft 365 Defender
01 Module 1 - Learning Objectives (1:08)
02 Introduction to Threat Protection (3:24)
03 Microsoft 365 Defender suite (1:30)
04 Typical Timeline of An Attack (2:41)
05 Microsoft 365 Defender - Interactive Demonstration (2:08)
06 Mitigate incidents using Microsoft 365 Defender - Chapter Introduction (2:01)
07 How to Create your Playground - Lab Environment (5:18)
08 Microsoft 365 Defender portal - Introduction (4:16)
09 Managing Incidents (2:41)
10 More about incidents (3:52)
11 Simulate Incidents - Tor Browser (1:50)
12 Managing Incidents (4:19)
13 Managing Alerts (5:40)
14 Investigating Incidents - MITRE ATT&CK (7:55)
15 Advanced Hunting (1:54)
16 Advanced Hunting Schema (4:27)
17 Exploring the Kusto Queries (7:38)
18 Microsoft Threat Experts (1:46)
19 Microsoft Defender for Office 365 - Chapter Introduction (0:37)
20 Microsoft Defender for Office 365 - Key Capabilities - I (4:21)
21 Microsoft Defender for Office 365 - Key Capabilities - II (2:45)
22 Safeguard Your Organization - M365 Defender for O365 - Lab I (10:46)
23 Safeguard Your Organization - M365 Defender for O365 - Lab II (2:32)
24 Attack Simulation - Lab Activity (10:09)
25 Microsoft Defender for Identity - Introduction (0:41)
26 What is Microsoft Defender for Identity (1:20)
27 Microsoft Defender for Identity - Key Capabilities (6:23)
28 Installing Sensors on Domain Controller - 1 (3:40)
29 Installing Sensors on Domain Controller - 2 (2:06)
30 Capturing Lateral Movements (10:53)
31 Threat Hunting Lab (5:48)
32 Microsoft Defender for Identity Sensors - Architecture (1:13)
33 Protect Your Identities with Azure AD Identity Protection - Introduction (1:17)
34 User Risk - Sign-in Risk (3:14)
35 User risk policy - Sign in risk policy - Lab Activity (7:10)
36 Cloud App Security - Introduction (0:48)
37 The Cloud App Security Framework (4:16)
38 Conditional Access App Controls (5:39)
39 What is Information Protection (2:44)
40 Insider Risk Management - Enable Auditing (0:43)
41 Phases of Cloud App security (3:05)
42 Cloud App security Phases - Lab Activity (5:55)
43 Data Loss Prevention - Chapter Intro (1:01)
44 DLP Alerts (2:16)
45 Create Policies for DLP in Compliance Portal (6:44)
46 Insider Risk Management (1:05)
47 What is Insider Risk (4:01)
48 Pain points of a Modern Workplace (1:46)
49 Insider Risk management with M365 Defender (1:45)
50 Insider Risk Management - Permissions (4:14)
51 Module 1 Summary (1:01)
Module 2 - Mitigate threats using Microsoft Defender for Endpoint
01 Module 2 Introduction (0:49)
02 Defender for Endpoint - Features (2:40)
03 Defender for Endpoint - Terminology (1:52)
04 Onboarding devices to Defender (13:02)
05 Windows 10 Security Enhancements - Chapter Introduction (1:03)
06 Attack Surface Reduction Rules (3:35)
07 Attack Surface Rules (8:05)
08 Device Inventory (4:42)
09 Device Investigation -Alerts (8:19)
10 Behavioral Blocking (2:29)
11 Client Behavioral Blocking (1:29)
12 EDR- Block Mode (1:08)
13 EDR- Block Mode - Lab Activity (2:09)
14 Performing Actions on the device (11:02)
15 Live Response (4:54)
16 Perform Evidence and Entities Investigations (2:41)
17 User Investigation (3:50)
18 Advanced Automated Remediation Features - Endpoint (4:07)
19 Managing file uploads (1:59)
20 Automation folder exclusion (1:30)
21 File Level Investigation (7:41)
22 Automating Device group remediation (3:24)
23 Blocking Risky Devices using Intune, Defender and Azure AD (10:09)
24 Configure Alerts and Detections - Chapter Introduction (0:52)
25 Configuring Advanced features (2:16)
26 Configuring Email Notifications (5:13)
27 Indicators of Compromise (4:53)
28 Threat and Vulnerability Management - Chapter Introduction (0:57)
29 Threat and Vulnerability Management - Explanation (16:34)
30 Module 2 Summary (2:25)
Module 3 - Mitigate threats using Microsoft Defender for Cloud
01 Module 3 - Intro (1:08)
02 What is Azure Security Center (2:47)
03 Microsoft Defender for cloud - Features (6:38)
04 Azure Defender for Cloud - Lab Activity (12:53)
05 CSPM and CWP (1:48)
06 What resources are protected using Microsoft Defender (1:32)
07 Benefits of Azure Defender for servers (8:24)
08 Defender for App services (3:48)
09 Defender for App services - lab (2:51)
10 Defender for Storage - Lab (6:24)
11 Defender for SQL - LAB (6:43)
12 Defender for Key Vault (2:27)
13 Defender for DNS (3:14)
14 Defender for Kubernetes (6:24)
15 Defender for Container Registry (3:57)
16 Connect Azure assets to Azure Defender - Chapter Introduction (0:39)
17 Asset Inventory - Lab (4:42)
18 Auto provisioning (4:19)
19 Stored Event types (2:13)
20 Manual Provisioning (0:42)
21 Connect non-Azure resources to Defender (0:35)
22 Onboarding Methods (0:58)
23 Onboard GCP instance to Azure Arc (9:00)
24 Onboarding AWS Services to Defender for cloud (7:02)
25 Remediating Security Alerts - Chapter Intro (0:47)
26 Changing world and attackers (2:18)
27 What are Security alerts and notifications (1:21)
28 How does defender work (3:43)
29 Alert Severity Level (2:06)
30 Continuous Monitoring and assessments (1:35)
31 MITRE ATT&CK tactics and alert types (4:40)
32 Remediating Alerts (2:53)
33 Automated Responses (2:41)
34 Alert Suppression (2:56)
35 Module 3 Summary (1:09)
Module 4 - Create Queries for Microsoft Sentinel using Kusto Query Language
01 Module 4 Introduction (1:21)
02 The construct of KQL Language (2:08)
03 The Lab Environment (4:14)
04 Declaring variables with let (5:30)
05 Search and where operator (6:18)
06 Extend Operator (3:13)
07 Order By (3:28)
08 The Project Operator (6:53)
09 Summarize, Count and Dcount Functions (8:53)
10 Arg_Max and Arg_Min Functions (3:12)
11 Make_List and Make_Set Functions (3:14)
12 Render Operator (10:35)
13 Bin Function (5:04)
14 Union Operator (3:19)
15 Module 4 Summary (1:01)
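The Module 4 lessons above each cover one KQL operator in isolation; the following is an added example, not part of the course, that puts them together in one Microsoft Sentinel hunting query. It normalises Windows failed logons (SecurityEvent, EventID 4625) and Azure AD failed sign-ins (SigninLogs, ResultType other than "0") into one shape with `union`, then summarises per account and hour. Table and column names follow the Sentinel SecurityEvent and SigninLogs schemas; the lookback window and failure threshold are assumptions chosen for illustration.

```kql
// Added example (not the course's own query). Assumed: SecurityEvent and SigninLogs
// are both connected to the workspace; lookback and threshold are illustrative values.
let lookback = 1d;
let threshold = 10;
// Windows Security log: EventID 4625 = "An account failed to log on"
let winFailed = SecurityEvent
    | where TimeGenerated > ago(lookback) and EventID == 4625
    | extend Source = "Windows"
    | project TimeGenerated, Account = tolower(Account), SourceIP = IpAddress, Source, Target = Computer;
// Azure AD sign-in log: ResultType "0" is success, any other value is a failure code
let aadFailed = SigninLogs
    | where TimeGenerated > ago(lookback) and ResultType != "0"
    | extend Source = "AzureAD"
    | project TimeGenerated, Account = tolower(UserPrincipalName), SourceIP = IPAddress, Source, Target = AppDisplayName;
// Merge both sources, then bucket failures per account and hour
union winFailed, aadFailed
| summarize Failures = count(),
            DistinctIPs = dcount(SourceIP),
            SourceIPs = make_set(SourceIP, 20),     // unique source addresses seen
            Targets = make_list(Target, 20),        // hosts or apps that were targeted
            arg_max(TimeGenerated, SourceIP)        // timestamp and IP of the latest failure
      by Account, Source, Hour = bin(TimeGenerated, 1h)
| project-rename LastFailure = TimeGenerated, LastSourceIP = SourceIP
| where Failures >= threshold
| order by Failures desc, LastFailure desc
```

To chart the result as the Render lesson does, append `| project Hour, Account, Failures | render timechart`; the extra columns are dropped first because `render timechart` expects one datetime column, one numeric column and at most one series column.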
Module 5 - Microsoft Sentinel Environment Configuration
01 What is a SIEM Solution (1:55)
02 What is Microsoft Sentinel (2:28)
03 Microsoft Sentinel - Components (0:22)
04 Data Connectors (0:59)
05 Log Retention (0:52)
06 Workbooks (0:49)
07 Analytics Alerts (0:47)
08 Threat Hunting (0:43)
09 Incidents Investigations (0:46)
10 Automation Playbooks (1:16)
11 Creating Azure Sentinel Workspace (4:15)
12 Azure Sentinel - RBAC (8:46)
13 Data Connectors (5:37)
14 Onboarding Windows host to Sentinel (3:21)
15 Ingesting Events to Sentinel (2:43)
16 Sentinel - Watchlists (2:09)
17 Sentinel - Creating a watchlist for Tor Nodes (6:48)
18 Sentinel - Create Hunting Query (17:18)
19 Sentinel - Live Stream (1:52)
20 Sentinel - Capturing traffic from Tor Exit Nodes (7:49)
21 Sentinel - Create Analytical Rules (7:42)
22 Analytical Rule Type - Fusion (4:10)
23 Analytical Rule Types - Security Types (1:36)
24 Analytical Rule Types - ML based Behavioral Analytics (1:09)
25 Analytical Rule Types - Anomaly, Scheduled Alerts and NRT (2:23)
26 Creating Analytics Rules based on Template (1:59)
27 Creating Analytic Rules based on Wizard (7:51)
28 Managing the Rules (2:53)
29 Define Threat Intelligence (3:11)
30 Create TI - Lab Activity (5:39)
Module 6 - Microsoft Sentinel Environment - Connecting Logs
01 Module 6 Introduction (0:35)
02 Connect M365 Defender to Sentinel (1:09)
03 Office 365 Log Connector (2:22)
04 Azure Activity Log Connector (2:06)
05 Azure Active Directory Identity Protection Connection (2:25)
06 Defender for Office 365 Connector (2:31)
07 Defender for Endpoint Connector (4:20)
08 Connect Threat Indicators to Microsoft Sentinel (6:09)
Module 7 - Microsoft Sentinel Environment - Incidents, Threat Response, UEBA and Monitoring
01 Module 7 Introduction (0:33)
02 Key Concepts of Incident Management - I (1:08)
03 Key Concepts of Incident Management - II (2:21)
04 Incident Management in Microsoft Sentinel - I (6:12)
05 Incident Management in Microsoft Sentinel - II (5:20)
06 Brute Force attack against Azure Portal - Simulation (4:06)
07 Investigations in Azure Sentinel (3:41)
08 Threat Response with Microsoft Sentinel Playbooks - Introduction (2:35)
09 Step 1 - Creating Analytical Rule to look for Role membership Changes (5:50)
10 Step 2 - Integrate Log Analytics with Azure AD Audit Logs (3:11)
11 Step 3 - Verify Log Analytics (2:07)
12 Step 4 - Incident Creation in Sentinel (3:18)
13 Create a Logic app to integrate with Microsoft teams (10:07)
14 Edit Analytical rule to add Logic app Playbook (1:41)
15 Testing the integration (3:07)
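Steps 1 to 4 above build a scheduled analytics rule that turns Azure AD role membership changes into a Sentinel incident and then hands it to a Logic App playbook. The following is an added example, not the course's own rule, of the detection query such a rule would run over the AuditLogs table (populated by the Azure AD connector from Step 2). The category, operation names and the InitiatedBy/TargetResources layout follow the AuditLogs schema; the 5-minute lookback assumes a rule scheduled to run every 5 minutes and is an illustrative choice.

```kql
// Added example (not the course's own rule). Assumed: Azure AD audit logs are
// flowing into AuditLogs, and the rule runs every 5 minutes with a matching lookback.
AuditLogs
| where TimeGenerated > ago(5m)
| where Category == "RoleManagement"
// Covers direct assignments and PIM eligible assignments
| where OperationName in ("Add member to role", "Add eligible member to role")
| where Result == "success"
| extend Initiator = tostring(InitiatedBy.user.userPrincipalName),
         InitiatorIP = tostring(InitiatedBy.user.ipAddress),
         TargetUser = tostring(TargetResources[0].userPrincipalName)
// The role name sits in modifiedProperties under displayName "Role.DisplayName";
// newValue is a JSON string literal, so the surrounding quotes are trimmed
| mv-apply Prop = TargetResources[0].modifiedProperties on (
    where tostring(Prop.displayName) == "Role.DisplayName"
    | project Role = trim('"', tostring(Prop.newValue))
  )
| project TimeGenerated, OperationName, Initiator, InitiatorIP, TargetUser, Role, CorrelationId
```

When this query is saved as a scheduled rule (Step 4), mapping Initiator and TargetUser to the Account entity and InitiatorIP to the IP entity lets the playbook in the later steps post those fields to Teams without re-parsing the raw event.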
16 UEBA - Introduction (5:05)
17 Entity Behaviour Lab - I (4:18)
18 Entity Behaviour Lab - II (4:44)
19 Workbooks - Introduction (1:26)
20 Create Workbooks Using Template (8:36)
21 Create Workbook from scratch (7:04)
Module 8 - Perform Threat Hunting with Microsoft Sentinel
01 Module 8 Introduction (0:42)
02 Cyber Security Threat Hunting (3:00)
03 The need for Proactive Hunting (2:21)
04 Develop a Threat Hunting hypothesis (3:58)
05 Threat Hunting - Recap (6:09)
06 Notebooks- Introduction (1:09)
07 Sentinel Notebooks - Lab Activity (8:42)