
SC-200 Microsoft Security Operations Analyst, Part 7 of 9: Microsoft Sentinel Logging

with expert Cristian Calinescu




Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/25/2022
Level Advanced
Runtime 0h 51m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code Included
Exams Included





Course description

The SC-200 Microsoft Security Operations Analyst exam measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender (25-30%); mitigate threats using Microsoft Defender for Cloud (25-30%); and mitigate threats using Microsoft Sentinel (40-45%). This course covers connecting logs to Microsoft Sentinel.

Prerequisites

Basic understanding of Microsoft 365, environment, security, compliance and identity products. Windows 10/11. Familiarity with Azure services, DB and Storage. Basic understanding of scripting concepts.

Meet the expert

Cristian Calinescu is a Microsoft certified Azure Solutions Architect Expert, Senior Infrastructure Engineer and Infrastructure Security Operations Manager.

Course outline



Module 10

Connect Data to Sentinel using Data Connectors (26:41)
  • Introduction (00:08)
  • Connect Data to Microsoft Sentinel using Data Con (00:52)
  • Ingest Log Data (01:28)
  • Demo: Data Connectors (00:59)
  • Describe Data Connector Providers (07:03)
  • View Connected Hosts (00:23)
  • Demo: Hosts (02:06)
  • Connect Microsoft 365 Defender to Microsoft Senti (00:25)
  • Office 365 Connector (01:18)
  • Demo: Office Connector (07:11)
  • Connect Microsoft Services to Microsoft Sentinel (00:21)
  • Demo: Connect Services (02:17)
  • Azure AD Identity Protection (01:56)
  • Summary (00:08)
Connect Windows Hosts to Sentinel (24:29)
  • Introduction (00:08)
  • Connect Windows Hosts to Microsoft Sentinel (00:15)
  • Plan for Windows Hosts Security Events Connector (01:52)
  • Demo: Security Events Legacy (05:09)
  • Connect CEF logs to Microsoft Sentinel (00:36)
  • Plan Common Event Format Connector (01:40)
  • Connect External Solution with CEF Connector (01:42)
  • Demo: Common Event Format (01:58)
  • Connect Syslog data to Microsoft Sentinel (00:58)
  • Collect Data from Linux-based Sources (00:14)
  • Demo: Linux (03:20)
  • Connect Threat Indicators to Microsoft Sentinel (00:19)
  • Plan for Threat Intelligence Connectors (01:50)
  • Connect Threat Intelligence Connector (01:29)
  • Demo: Intelligence Platform (02:45)
  • Summary (00:08)