Azure Sentinel Kyndryl Training
M0: Introduction


Last updated 2 years ago


Introduction

These labs help you get ramped up with Microsoft Sentinel and provide hands-on practical experience for product features, capabilities, and scenarios.

The lab deploys a Microsoft Sentinel workspace and ingests pre-recorded data to simulate scenarios that showcase various Microsoft Sentinel features. You should expect very little or no cost at all, because the ingested data is small (~10 MB) and Microsoft Sentinel offers a 30-day free trial.

Prerequisites

To deploy the Microsoft Sentinel Training Lab, you must have a Microsoft Azure subscription. If you do not have an existing Azure subscription, you can sign up for a free trial here.

Getting started

Below you can see all the modules that are part of this lab. Although in general they can be completed in any order, you must start with Module 1, as this deploys the lab environment itself.

Modules

Module 1 – Setting up the environment
  • The Microsoft Sentinel workspace
  • Deploy the Microsoft Sentinel Training Lab Solution
  • Configure Microsoft Sentinel Playbook

Module 2 – Data Connectors
  • Enable Azure Activity data connector
  • Enable Azure Defender data connector
  • Enable Threat Intelligence TAXII data connector

Module 3 – Analytics Rules
  • Analytics Rules overview
  • Enable Microsoft incident creation rule
  • Review Fusion Rule (Advanced Multistage Attack Detection)
  • Create custom analytics rule
  • Review resulting security incident

Module 4 – Incident Management
  • Review Microsoft Sentinel incident tools and capabilities
  • Handling Incident "Sign-ins from IPs that attempt sign-ins to disabled accounts"
  • Handling "Solorigate Network Beacon" incident
  • Hunting for more evidence
  • Add IOC to Threat Intelligence
  • Handover incident

Module 5 – Hunting
  • Hunting on a specific MITRE technique
  • Bookmarking hunting query results
  • Promote a bookmark to an incident

Module 6 – Watchlists
  • Create a Watchlist
  • Whitelist IP addresses in the analytics rule

Module 7 – Threat Intelligence
  • Threat Intelligence data connectors
  • Explore the Threat Intelligence menu
  • Analytics Rules based on Threat Intelligence data
  • Threat Intelligence Workbook

Module 8 – Microsoft Sentinel Content hub
  • Explore Microsoft Sentinel Content hub
  • Deploy a new solution
  • Review and enable deployed artifacts