Getting Started with Azure Sentinel
Learn more about the Microsoft Cloud SIEM
Azure Sentinel is a cloud-based security information and event management (SIEM) tool that you can easily connect to various data sources, both on premises and in the cloud. Once events are flowing, you can use Sentinel to analyse and report on those events quickly and easily, as well as take automated actions if desired.
This course is aimed at helping you get up and running with Azure Sentinel quickly by introducing you to its main features and then showing you how to configure the most important settings to get it working for business.
If you want to quickly and easily ingest security logging data, analyse, report and act on that then Azure Sentinel is for you and this course will show you how to get up and running quickly. Inside you'll find video tutorials, references, best practices, how-to's and more.
Your Instructor
Robert has a degree in Electrical Engineering as well as Masters of Business Administration. He is also a Small Business Specialist, Microsoft Certified SharePoint Professional and Office 365 Administrator. Robert has over 20 years of IT experience in a variety of fields and positions, including working on Wall St in New York. He continues his involvement with information technology as the Principal of the Computer Information Agency.
Apart from resolving client technical issues, Robert continues to present at seminars locally and internationally, as well as write on a number of topics for the Computer Information Agency. Robert has been President of the SMBiTPro community in Sydney. Since 2012 Robert has been awarded a Most Valuable Professional (MVP) award from Microsoft for his contributions around the Office 365 product. He also develops and presents technology courses on a regular basis at various locations. Robert is committed to a process of ongoing business and technical education to continue developing the skills required to assist clients with their business challenges.
Course Curriculum
- Create a new Azure Sentinel Workspace (6:33)
- Add a new Data Connector (6:32)
- Checking the Microsoft Cloud App Security (MCAS) connection (2:07)
- Create new Analytics Rule (7:13)
- Introduction to Logs and KQL (Kusto) (3:52)
- Create a new Workbook (6:27)
- Content Hub (5:31)
- Basic Hunting (6:28)
- Introduction to Incidents (6:52)
- Creating a Playbook (12:31)
- Get instant value from your SIEM: Best practices for Azure Sentinel
- Get started with a cloud-native SIEM
- Deleting Sentinel (3:41)
Frequently Asked Questions
"Robert's Getting Started with Azure Sentinel course is a great introduction to Azure Sentinel that will leave you wanting to get more out of it. I am now encouraged to work with configuring my Microsoft 365 and Cloud App Security configurations up and running to bring their data to Sentinel and also looking forward to what is next in the future deeper dive Sentinel courses."
- Yeoman Yu, Technical Support Manager at CitiSystems
"Thank you Robert for an Azure Sentinel course that clearly explains and shows how Azure Sentinel can be used to monitor data logs and seamlessly display incidents and then automate actions to remediate problems or notify technical teams. Your clear demonstrations are greatly beneficial in the learning process."
- Andrew Gallagher, Gallagher Computing
"Azure Sentinel is a powerful Security Information and Event Management or SIEM as it's commonly referred to. Getting started with a large, powerful product like Sentinel can seem daunting but Robert's course steps the user through everything from getting started with basic tasks like connecting and gathering data right through to identifying and hunting threats and automating your security response. This course covers Sentinel in a way that every Administrator should know, it connects the dots well."
- David Nicholls, Solve Business Services