Course Information

  • Sessions 4 days
  • Duration 30 hrs
  • Level Intermediate
  • Assessment NA

Venue

Download Course Brochure

Certification

  • Certificate of Completion from Tertiary Courses - Upon meeting at least 75% attendance and passing the assessment(s), participants will receive a Certificate of Completion from Tertiary Courses.

SC-200 Microsoft Security Operations Analyst Training

Course Code: C542

What's This Course About

Step into the world of cybersecurity with our SC-200 Microsoft Security Operations Analyst Exam Preparation course. This comprehensive training is designed to empower aspiring security analysts with the knowledge and skills needed to excel in Microsoft's rigorous SC-200 exam. Participants will delve into key areas such as threat management, monitoring and response, and data governance, ensuring a deep understanding of Microsoft's security operations framework. Our course equips you with practical insights and hands-on experience, setting a strong foundation for your career in cybersecurity.

Beyond theoretical knowledge, our course emphasizes real-world applications and scenario-based learning. You'll engage with the latest tools and practices in the field, honing your ability to identify, respond to, and mitigate cybersecurity threats effectively. This course not only prepares you for the SC-200 exam but also enhances your professional acumen, making you a valuable asset in the rapidly evolving domain of security operations. Join us to transform your passion for cybersecurity into a distinguished career, starting with acing the SC-200 Microsoft Security Operations Analyst Exam.

Microsoft Learning Partner

We are Authorised Microsoft Learning Partner (Org ID:  5238476). To get the official Microsoft certification, please register your certification exam at Pearson Vue Test Center.

Certification Exam at Pearson Vue

We are Authorised Pearson Vue Testing Center. Once you have prepared for the exam, you can register for the certification here. The course fee does not include the certification exam fee.

You can purchase the exam voucher (one of the lowest prices in Singapore) at Microsoft Role-Based Certification Exam Voucher.

Microsoft Learning Partner

We are Authorised Microsoft Learning Partner (Org ID:  5238476). To get the official Microsoft certification, please register your certification exam at Pearson Vue Test Center.

WSQ Funding

Full Fee ₵14,400.00 Before GST
GST ₵1,296.00 9% of fee
Baseline Nett ₵8,496.00 SG/PR age 21+ · 50% funded
MCES / SME Nett ₵5,616.00 SG age 40+ · 70% funded
Funding and Grant Applications

No funding is available for this course

For WSQ funding, please checkout the details at WSQ - Microsoft Security Operations Analyst (SC-200)

Course Fee

₵14,400.00

Additional Note

Please bring your own laptop for hands-on training. If you don't have laptop, we can provide spare laptop for training use.

Post-Course Support

  • We provide free consultation related to the subject matter after the course.
  • Please email your queries to info@tertiarycourses.com.gh and we will forward your queries to the subject matter experts and get back to you as soon as possible.

Cancellation & Reschedule Policy

  • We reserve the right to cancel or re-schedule the course due to unforeseen circumstances. If the course is cancelled, we will refund 100% to participants.
  • Note: the venue of the training is subject to changes due to class size and availability of the classroom. The minimum class size to start a class is 3 Pax.

Course Details

Course Details

What You'll Learn

LU1 Mitigate threats using Microsoft Defender XDR

Topic 1 Introduction to Microsoft 365 threat protection

Explore Extended Detection & Response (XDR) response use cases

Understand Microsoft Defender XDR in a Security Operations Center (SOC)

Explore Microsoft Security Graph

Investigate security incidents in Microsoft Defender XDR

Topic 2 Mitigate incidents using Microsoft 365 Defender

Use the Microsoft Defender portal

Manage incidents

Investigate incidents

Manage and investigate alerts

Manage automated investigations

Use the action center1

Explore advanced hunting

Investigate Microsoft Entra sign-in logs

Understand Microsoft Secure Score

Topic 3 Protect your identities with Microsoft Entra ID Protection

Microsoft Entra ID Protection overview

Detect risks with Microsoft Entra ID Protection policies

Investigate and remediate risks detected by Microsoft Entra ID Protection

Topic 4 Remediate risks with Microsoft Defender for Office 365

Introduction to Microsoft Defender for Office 365

Automate, investigate, and remediate

Configure, protect, and detect

Simulate attacks

Topic 5 Safeguard your environment with Microsoft Defender for Identity

Introduction to Microsoft Defender for Identity

Configure Microsoft Defender for Identity sensors

Review compromised accounts or data

Integrate with other Microsoft tools

Topic 6 Secure your cloud apps and services with Microsoft Defender for Cloud Apps

Understand the Defender for Cloud Apps Framework

Explore your cloud apps with Cloud Discovery

Protect your data and apps with Conditional Access App Control

Walk through discovery and access control with Microsoft Defender for Cloud Apps

Classify and protect sensitive information

Detect Threats

LU2 Mitigate threats using Microsoft Purview

Topic 7 Respond to data loss prevention alerts using Microsoft 365

1. Describe data loss prevention alerts7

2. Investigate data loss prevention alerts in Microsoft Purview

3. Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps

Topic 8 Manage insider risk in Microsoft Purview

Insider risk management overview

Introduction to managing insider risk policies

Create and manage insider risk policies

Knowledge check

Investigate insider risk alerts

Take action on insider risk alerts through cases

Manage insider risk management forensic evidence

Create insider risk management notice templates

Topic 9 Investigate threats by using audit features in Microsoft Defender XDR and Microsoft Purview Standard

Introduction to threat investigation with the Unified Audit Log (UAL)

Explore Microsoft Purview Audit solutions

Implement Microsoft Purview Audit (Standard)

Start recording activity in the Unified Audit Log

Search the Unified Audit Log (UAL)

Export, configure, and view audit log records

Use audit log searching to investigate common support issues

Topic 10 Investigate threats with Content search in Microsoft Purview

Explore Microsoft Purview eDiscovery solutions

Create a content search

View the search results and statistics

Export the search results and search report

Configure search permissions filtering

Search for and delete email messages

LU3 Mitigate threats using Microsoft Defender for Endpoint

Topic 11 Protect against threats with Microsoft Defender for Endpoint

Introduction to Microsoft Defender for Endpoint

Practice security administration

Hunt threats within your network

Topic 12 Deploy the Microsoft Defender for Endpoint environment

Create your environment

Understand operating systems compatibility and features

Onboard devices

Manage access

Create and manage roles for role-based access control

Configure device groups

Configure environment advanced features

Topic 13 Implement Windows security enhancements with Microsoft Defender for Endpoint

Understand attack surface reduction

Enable attack surface reduction rules

Topic 14 Perform device investigations in Microsoft Defender for Endpoint

Use the device inventory list

Investigate the device

Use behavioral blocking

Detect devices with device discovery

Topic 15 Perform actions on a device using Microsoft Defender for Endpoint

Explain device actions

Run Microsoft Defender antivirus scan on devices

Collect investigation package from devices

Initiate live response session

Topic 16 Perform evidence and entities investigations using Microsoft Defender for Endpoint

Investigate a file

Investigate a user account

Investigate an IP address

Investigate a domain

Topic 17 Configure and manage automation using Microsoft Defender for Endpoint

Configure advanced features

Manage automation upload and folder settings

Configure automated investigation and remediation capabilities

Block at risk devices

Topic 18 Configure for alerts and detections in Microsoft Defender for Endpoint

Configure advanced features

Configure alert notifications

Manage alert suppression

Manage indicators

Topic 19 Utilize Vulnerability Management in Microsoft Defender for Endpoint

Understand vulnerability management

Explore vulnerabilities on your devices

Manage remediation

LU4 Mitigate threats using Microsoft Defender for Cloud

Topic 20 Plan for cloud workload protections using Microsoft Defender for Cloud

Explain Microsoft Defender for Cloud

Describe Microsoft Defender for Cloud workload protections

Exercise – Microsoft Defender for Cloud interactive guide

Enable Microsoft Defender for Cloud

Topic 21 Connect Azure assets to Microsoft Defender for Cloud

Explore and manage your resources with asset inventory

Configure auto provisioning

Manual log analytics agent provisioning

Topic 22 Connect non-Azure resources to Microsoft Defender for Cloud

Protect non-Azure resources

Connect non-Azure machines

Connect your AWS accounts

Connect your GCP accounts

Topic 23 Manage your cloud security posture management

Explore Secure Score

Explore Recommendations

Measure and enforce regulatory compliance

Understand Workbooks

Topic 24 Explain cloud workload protections in Microsoft Defender for Cloud

Understand Microsoft Defender for servers

Understand Microsoft Defender for App Service

Understand Microsoft Defender for Storage

Understand Microsoft Defender for SQL

Understand Microsoft Defender for open-source databases

Understand Microsoft Defender for Key Vault

Understand Microsoft Defender for Resource Manager

Understand Microsoft Defender for DNS

Understand Microsoft Defender for Containers

Understand Microsoft Defender additional protections

Topic 25 Remediate security alerts using Microsoft Defender for Cloud

Understand security alerts

Remediate alerts and automate responses

Suppress alerts from Defender for Cloud

Generate threat intelligence reports

Respond to alerts from Azure resources

LU5 Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Topic 26 Construct KQL statements for Microsoft Sentinel

Understand the Kusto Query Language statement structure

Use the search operator

Use the where operator

Use the let statement

Use the extend operator

Use the order by operator

Use the project operators

Topic 27 Analyze query results using KQL

Use the summarize operator

Use the summarize operator to filter results

Use the summarize operator to prepare data

Use the render operator to create visualizations

Topic 28 Build multi-table statements using KQL

Use the union operator

Use the join operator

Topic 29 Work with data in Microsoft Sentinel using Kusto Query Language

Extract data from unstructured string fields

Extract data from structured string data

Integrate external data

Create parsers with functions

LU6 Configure your Microsoft Sentinel environment

Topic 30 Introduction to Microsoft Sentinel

What is Microsoft Sentinel?

How Microsoft Sentinel works

When to use Microsoft Sentinel

Topic 31 Create and manage Microsoft Sentinel workspaces

Plan for the Microsoft Sentinel workspace

Create a Microsoft Sentinel workspace

Manage workspaces across tenants using Azure Lighthouse

Understand Microsoft Sentinel permissions and roles

Manage Microsoft Sentinel settings

Configure logs

Topic 32 Query logs in Microsoft Sentinel

Query logs in the logs page

Understand Microsoft Sentinel tables

Understand common tables

Understand Microsoft Defender XDR tables

Topic 33 Use watchlists in Microsoft Sentinel

Plan for watchlists

Create a watchlist

Manage watchlists

Topic 34 Utilize threat intelligence in Microsoft Sentinel

Define threat intelligence

Manage your threat indicators

View your threat indicators with KQL

LU7 Connect logs to Microsoft Sentinel

Topic 35 Connect data to Microsoft Sentinel using data connectors

Ingest log data with data connectors

Understand data connector providers

View connected hosts

Topic 36 Connect Microsoft services to Microsoft Sentinel

Plan for Microsoft services connectors

Connect the Microsoft Office 365 connector

Connect the Microsoft Entra connector

Connect the Microsoft Entra ID Protection connector

Connect the Azure Activity connector

Topic 37 Connect Microsoft Defender XDR to Microsoft Sentinel

Plan for Microsoft Defender XDR connectors

Connect the Microsoft Defender XDR connector

Connect Microsoft Defender for Cloud connector

Connect Microsoft Defender for IoT

Connect Microsoft Defender legacy connectors

Topic 38 Connect Windows hosts to Microsoft Sentinel

Plan for Windows hosts security events connector

Connect using the Windows Security Events via AMA Connector

Connect using the Security Events via Legacy Agent Connector

Collect Sysmon event logs

Topic 39 Connect Common Event Format logs to Microsoft Sentinel

Plan for Common Event Format connector6

Connect your external solution using the Common Event Format connector

Topic 40 Connect syslog data sources to Microsoft Sentinel

Plan for syslog data collection

Collect data from Linux-based sources using syslog

Configure the Data Collection Rule for Syslog Data Sources

Parse syslog data with KQL

Topic 41 Connect threat indicators to Microsoft Sentinel

Plan for threat intelligence connectors

Connect the threat intelligence TAXII connector

Connect the threat intelligence platforms connector

View your threat indicators with KQL

LU8 Create detections and perform investigations using Microsoft Sentinel

Topic 42 Threat detection with Microsoft Sentinel analytics

Exercise - Detect threats with Microsoft Sentinel analytics

What is Microsoft Sentinel Analytics?

Types of analytics rules

Create an analytics rule from templates

Create an analytics rule from wizard

Manage analytics rules

Exercise - Detect threats with Microsoft Sentinel analytics

Topic 43 Automation in Microsoft Sentinel

Understand automation options

Create automation rules

Topic 44 Threat response with Microsoft Sentinel playbooks

Exercise - Create a Microsoft Sentinel playbook

What are Microsoft Sentinel playbooks?

Trigger a playbook in real-time

Run playbooks on demand

Exercise - Create a Microsoft Sentinel playbook

Topic 45 Security incident management in Microsoft Sentinel

Exercise - Set up the Azure environment

Understand incidents

Incident evidence and entities

Incident management

Exercise - Investigate an incident

Topic 46 Identify threats with Behavioral Analytics

Understand behavioral analytics

Explore entities

Display entity behavior information

Use Anomaly detection analytical rule templates

Topic 47 Data normalization in Microsoft Sentinel

Understand data normalization

Use ASIM Parsers

Understand parameterized KQL functions

Create an ASIM Parser

Configure Azure Monitor Data Collection Rules

Topic 48 Query, visualize, and monitor data in Microsoft Sentinel

Exercise - Query and visualize data with Microsoft Sentinel Workbooks

Monitor and visualize data

Query data using Kusto Query Language

Use default Microsoft Sentinel Workbooks

Create a new Microsoft Sentinel Workbook

Exercise - Visualize data using Microsoft Sentinel Workbooks

Topic 49 Manage content in Microsoft Sentinel

Use solutions from the content hub

Use repositories for deployment

LU9 Perform threat hunting in Microsoft Sentinel

Topic 50 Explain threat hunting concepts in Microsoft Sentinel

Understand cybersecurity threat hunts

Develop a hypothesis

Explore MITRE ATT&CK

Topic 51 Threat hunting with Microsoft Sentinel

Explore creation and management of threat-hunting queries

Save key findings with bookmarks

Observe threats over time with livestream

Exercise - Hunt for threats by using Microsoft Sentinel

Topic 52 Use Search jobs in Microsoft Sentinel

Hunt with a Search Job

Restore historical data

Topic 53 Hunt for threats using notebooks in Microsoft Sentinel

Access Azure Sentinel data with external tools

Hunt with notebooks

Create a notebook

Explore notebook code

Topic 54 Who Hacked cloud game

Play Who Hacked?

Keep playing to find the culprit!

Course Info

Promotion Code

Your will get 10% discount voucher for 2nd course onwards if you write us a Google review.

Minimum Entry Requirement

Knowledge and Skills

  • Able to operate using computer functions
  • Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)

Attitude

  • Positive Learning Attitude
  • Enthusiastic Learner

Experience

  • Minimum of 1 year of working experience.

Target Age Group: 18-65 years old

Minimum Software/Hardware Requirement

Software:

TBD

Hardware: Window or Mac Laptops

Job Roles

Job Roles

  • Security Operations Analyst
  • Information Systems Auditor
  • IT Security Specialist
  • Network Security Analyst
  • Cybersecurity Analyst
  • Security Administrator
  • Information Security Manager
  • IT Compliance Analyst
  • Risk Analyst
  • Incident Response Analyst
  • Vulnerability Assessor
  • Security Consultant
  • IT Auditor
  • Compliance Manager
  • Corporate IT Manager

Trainers

Trainers

Ferris Kwok: Ferris Kwok is a ACTA certified trainer. He specializes in designing and building Electronic prototypes. He also conducts experiential workshops for the public and in schools on Electronics, Coding, Arduino / Microcontroller prototyping, Robotics and Multi-rotor aircrafts (Drones). He is a practitioner who preaches what he teach; linking concepts taught to systems that he designed and built for commercial clients and installed in places such as Singapore Airport and Science Centre Singapore. He is also a loyal advocate of Maker Faire and had supported the local edition organized by Science Centre Singapore (from 2012) via a Maker booth throughout all 8 editions. Together with a collaborator providing event and training services, he have exhibited at Maker Faire Bay Area (USA) and Maker Faire Shenzhen (China). Ken Yuen: Ken Yuen is a ACTA certified trainer. He has more than 10 years of experience working as an instructor, Application Development Engineer, Technical Consultant and Project Manager. He is an MOE-Registered Instructor teaching STEM programs for past 3 years such as Arduino, Micro:bits and robotics to schools and libraries based on the smart nation initiative roadmap. He completed his Diploma in Electronic Engineering at Singapore Polytechnic and graduated with Bachelor of Electrical and Electronics Engineering from Nanyang Technological University and certified PMP (Project Management Professional). Shahul Maricar: Shahul Maricar is a certified trainer. Shahul H. Maricar has been a content developer and webmaster, building educational websites and applications with HTML, CSS and JavaScript. He then served as an IT analyst, writing programs for automating custom workflows as well as data extraction and analysis in the healthcare field. He is currently a freelance educator and is actively involved with development projects in game programming, computer-aided design and computer graphics.

Review

Write Your Own Review

You're reviewing: SC-200 Microsoft Security Operations Analyst Training