Azure Cloud Security

AZURE SENTINEL TRAINING

Managed Sentinel has developed a customized Azure Sentinel training curriculum based on our hands-on experience in deploying and managing Azure Sentinel. The skills are divided into 4 levels, each providing an increased level of knowledge and capabilities.

The courses can be taken individually or as a small group. The duration of the course varies from 3 hours for the Sentinel Ranger qualification to 4 days for Sentinel Master. Managed Sentinel uses the 4 categories internally, and all Sentinel deployment projects involve at least one Sentinel Master qualified engineer.

Please contact us for additional details.

| Requirements | Sentinel Ranger | Sentinel Builder | Sentinel Architect | Sentinel Master |
|---|---|---|---|---|
| Understand Azure Sentinel components | * | * | * | * |
| Identify most common log tables | * | * | * | * |
| Perform KQL queries using filters (‘where’) and operators (in, contains, ==, !=) | * | * | * | * |
| Perform KQL aggregations (count, dcount, sum, makeset, max, min) | * | * | * | * |
| Perform KQL unions | * | * | * | * |
| Perform KQL joins | * | * | * | * |
| Export query results to CSV, create report | * | * | * | * |
| Perform incident investigation | * | * | * | * |
| Add incident tags and comments | * | * | * | * |
| Close incidents | * | * | * | * |
| Access and use workbooks | * | * | * | * |
| Create or modify Sentinel alerts | | * | * | * |
| Understand MITRE tactics | | * | * | * |
| Understand SentinelAlerts table schema | | * | * | * |
| Create playbooks: send email notification playbooks for Sentinel alerts | | * | * | * |
| Create/modify functions | | * | * | * |
| Create/modify workbooks | | * | * | * |
| Deploy and configure Microsoft Monitoring Agent | | * | * | * |
| Configure Azure Sentinel Data Connectors | | * | * | * |
| Perform KQL anomaly detection | | * | * | * |
| Create KQL parsing, expansions, packing, extractions, conversions | | * | * | * |
| Open support ticket | | * | * | * |
| Post technical questions in Microsoft support forum | | * | * | * |
| Design Azure Sentinel deployment | | | * | * |
| Estimate Azure Sentinel costs | | | * | * |
| Describe Azure Sentinel features in comparison with other SIEMs | | | * | * |
| Deploy Azure Sentinel / Perform initial configuration | | | * | * |
| Configure Azure Sentinel syslog collector | | | * | * |
| Understand Azure Sentinel RBAC | | | * | * |
| Identify Azure Sentinel costs by tables / log source types | | | * | * |
| Integrate with external log sources | | | * | * |
| Collect logging data through custom logs | | | * | * |
| Build custom parsers | | | * | * |
| Integrate external Threat Intelligence data | | | * | * |
| Create advanced playbooks using Logic Apps and Microsoft Flow | | | * | * |
| Understand integration with other Azure security components | | | * | * |
| Identify log sources for data optimization and recommend optimization methods | | | * | * |
| Identify value of log entries (from a security perspective) | | | * | * |
| Troubleshoot agents, log collectors, identify silent log sources | | | * | * |
| Given a use-case, identify required log sources and build the KQL script | | | * | * |
| Deploy Azure Lighthouse for cross-tenant Sentinel management | | | | * |
| Create custom log collectors using Elastic Logstash and other tools | | | | * |
| Understand Azure Sentinel API and use it in custom applications | | | | * |
| Deploy Azure functions interacting with Azure Sentinel | | | | * |
| Create custom logic app connectors | | | | * |
| Perform threat hunting using Azure Sentinel Notebooks | | | | * |
| Export data to Azure Events Hub | | | | * |
| Assist Sentinel Community | | | | * |
| Publish Sentinel Blog | | | | * |
| Alert management using ASM application | | | | * |