SC-200: Connect logs to Microsoft Sentinel

Created By
Microsoft via Microsoft Learn
  • 2-3 hours worth of material
  • Microsoft Learn
  • English

Course Overview

  • Module 1: Connect data to Microsoft Sentinel using data connectors
  • Upon completion of this module, the learner will be able to:

    • Explain the use of data connectors in Microsoft Sentinel
    • Describe the Microsoft Sentinel data connector providers
    • Explain the Common Event Format and Syslog connector differences in Microsoft Sentinel
  • Module 2: Connect Microsoft services to Microsoft Sentinel
  • Upon completion of this module, the learner will be able to:

    • Connect Microsoft service connectors
    • Explain how connectors auto-create incidents in Microsoft Sentinel
  • Module 3: Connect Microsoft 365 Defender to Microsoft Sentinel
  • Upon completion of this module, the learner will be able to:

    • Activate the Microsoft 365 Defender connector in Microsoft Sentinel
    • Activate the Microsoft Defender for Endpoint connector in Microsoft Sentinel
    • Activate the Microsoft Defender for Office 365 connector in Microsoft Sentinel
  • Module 4: Connect Windows hosts to Microsoft Sentinel
  • Upon completion of this module, the learner will be able to:

    • Connect Azure Windows Virtual Machines to Microsoft Sentinel
    • Connect non-Azure Windows hosts to Microsoft Sentinel
    • Configure Log Analytics agent to collect Sysmon events
  • Module 5: Connect Common Event Format logs to Microsoft Sentinel
  • Upon completion of this module, the learner will be able to:

    • Explain the Common Event Format connector deployment options in Microsoft Sentinel
    • Run the deployment script for the Common Event Format connector
  • Module 6: Connect syslog data sources to Microsoft Sentinel
  • Upon completion of this module, the learner will be able to:

    • Describe the Syslog connector deployment options in Microsoft Sentinel
    • Run the connector deployment script to send data to Microsoft Sentinel
    • Configure the Log Analytics agent integration for Microsoft Sentinel
    • Create a parser using KQL in Microsoft Sentinel
  • Module 7: Connect threat indicators to Microsoft Sentinel
  • Upon completion of this module, the learner will be able to:

    • Configure the TAXII connector in Microsoft Sentinel
    • Configure the Threat Intelligence Platform connector in Microsoft Sentinel
    • View threat indicators in Microsoft Sentinel

Course Curriculum

  • Module 1: Connect data to Microsoft Sentinel using data connectors
    • Introduction
    • Ingest log data with data connectors
    • Understand data connector providers
    • View connected hosts
    • Knowledge check
    • Summary and resources
  • Module 2: Connect Microsoft services to Microsoft Sentinel
    • Introduction
    • Plan for Microsoft services connectors
    • Connect the Microsoft Office 365 connector
    • Connect the Azure Active Directory connector
    • Connect the Azure Active Directory identity protection connector
    • Knowledge check
    • Summary and resources
  • Module 3: Connect Microsoft 365 Defender to Microsoft Sentinel
    • Introduction
    • Plan for Microsoft 365 Defender connectors
    • Connect alerts from Microsoft Defender for Office 365
    • Connect alerts from Microsoft Defender for Endpoint
    • Connect the Microsoft 365 Defender connector
    • Knowledge check
    • Summary and resources
  • Module 4: Connect Windows hosts to Microsoft Sentinel
    • Introduction
    • Plan for Windows hosts security events connector
    • Collect Sysmon event logs
    • Knowledge check
    • Summary and resources
  • Module 5: Connect Common Event Format logs to Microsoft Sentinel
    • Introduction
    • Plan for Common Event Format connector
    • Connect your external solution using the Common Event Format connector
    • Knowledge check
    • Summary and resources
  • Module 6: Connect syslog data sources to Microsoft Sentinel
    • Introduction
    • Plan for the syslog connector
    • Collect data from Linux-based sources using syslog
    • Configure the log analytics agent
    • Parse syslog data with KQL
    • Knowledge check
    • Summary and resources
  • Module 7: Connect threat indicators to Microsoft Sentinel
    • Introduction
    • Plan for threat intelligence connectors
    • Connect the threat intelligence TAXII connector
    • Connect the threat intelligence platforms connector
    • View your threat indicators with KQL
    • Knowledge check
    • Summary and resources

Free Online Course

This Course Includes:
  • Provider: Microsoft Learn
  • Certificate: Not Available
  • Language: English
  • Duration: 2-3 hours worth of material