Microsoft Sentinel

Offline or online Microsoft Sentinel (SIEM & SOAR) training.

This comprehensive training program provides IT security professionals with practical knowledge and hands-on experience using Microsoft Sentinel.

Starting with foundational concepts, this course equips students to implement, configure, and operate Microsoft Sentinel for security monitoring, threat detection, and incident response in their organizations.

Manoj S. Mahajan
28+ years experienced trainer with 100+ certifications.

Course Description

In this course, you will learn how to use Microsoft Sentinel to collect, analyze, and detect threats using security information and event management (SIEM) and security orchestration, automation, and response (SOAR) capabilities.

You will also learn how to investigate and respond to security incidents using Sentinel.

Course Objectives: Upon completion of this course, you will be able to:

  • Deploy and configure a Microsoft Sentinel workspace.
  • Connect various data sources from Microsoft and third-party services.
  • Use Kusto Query Language (KQL) to query logs and hunt for threats.
  • Create and manage analytics rules to detect suspicious activities.
  • Investigate and manage security incidents effectively.
  • Automate security responses using SOAR capabilities (Playbooks).
  • Visualize security data using custom workbooks.

Target Audience:

  • IT Administrators and Help Desk professionals with security responsibilities.
  • Aspiring or Junior Security Operations Center (SOC) Analysts.
  • Cloud and Infrastructure Engineers looking to understand security monitoring.
  • Anyone new to Security Information and Event Management (SIEM) concepts.
  • Individuals studying for the Microsoft SC-200: Security Operations Analyst certification.

Requirements

  • Basic understanding of cloud concepts (e.g., IaaS, PaaS, SaaS).
  • Familiarity with the Azure portal and core Azure services (e.g., Entra ID). Join Azure Administrator (AZ-104) training.
  • Conceptual understanding of cybersecurity principles (e.g., malware, phishing, firewalls).
  • Crucially, a desire to learn and a curious mindset! No prior SIEM or KQL experience is required.

What You'll Learn

Module 1: Introduction to SIEM, SOAR, and Microsoft Sentinel

This foundational module introduces the core concepts of modern security operations and positions Microsoft Sentinel within the ecosystem.

  • What are SIEM & SOAR?
    • Understanding Security Information and Event Management (SIEM).
    • Understanding Security Orchestration, Automation, and Response (SOAR).
    • The evolution from traditional SIEM to a modern, cloud-native solution.
  • Introduction to Microsoft Sentinel
    • What is Microsoft Sentinel? Key features and benefits.
    • Architecture: How Sentinel works with Log Analytics Workspace.
    • Pricing and cost management strategies.
  • Navigating the Sentinel Portal
    • A guided tour of the main blades: Overview, Logs, Incidents, Workbooks, etc.

Module 2: Workspace Deployment and Configuration

This module covers the essential first steps of getting a Sentinel environment up and running.

  • Log Analytics Workspace Deep Dive
    • The role of Log Analytics in Sentinel.
    • Designing your workspace: single vs. multi-workspace strategy.
  • Deploying Microsoft Sentinel
    • Step-by-step guide to enabling Sentinel on a Log Analytics Workspace.
  • Roles and Permissions (RBAC)
    • Understanding Sentinel-specific roles: Reader, Responder, and Contributor.
    • Configuring proper access control for your security team.

Module 3: Data Collection and Management

A SIEM is only as good as its data. This module focuses on ingesting logs from various sources.

  • Understanding Data Connectors
    • Types of connectors: Service-to-service, agent-based, and REST API.
  • Connecting Microsoft Services
    • Azure Active Directory: Identity and sign-in logs.
    • Microsoft Defender for Cloud: Security alerts.
    • Office 365: SharePoint, Exchange, and Teams logs.
  • Connecting Third-Party Sources
    • Connecting firewalls and proxies using Syslog and Common Event Format (CEF).
    • Using the Azure Monitor Agent (AMA).
  • Data Management and Retention
    • Configuring data retention policies and archiving.

Module 4: Log Analysis with Kusto Query Language (KQL)

KQL is the engine for analysis in Sentinel. This module provides the skills to query and extract insights from your data.

  • KQL Fundamentals
    • Structure of a KQL query.
    • Key operators: where, project, summarize, count, top, sort.
    • Filtering data by time ranges.
  • Intermediate KQL
    • Joining datasets with the join operator.
    • Parsing string data using parse.
    • Using let statements to create variables.
  • Practical KQL for Security
    • Writing queries to find failed sign-ins, malicious IP connections, and unusual data transfers.
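
As an added illustration, not part of the course material, here is the kind of query Module 4 describes for finding failed sign-ins, built from the operators listed above (let, where, summarize, project, top) and shaped so it could also serve as a scheduled analytics rule with a lookback period and a threshold. It assumes the Entra ID sign-in logs are connected, so the SigninLogs table with its ResultType, UserPrincipalName and IPAddress columns is present; the threshold value is a constructed choice, not a recommendation from the course.

```kusto
// Added example: failed sign-ins grouped by source IP over the last hour.
// Not part of the course material; table and column names are the Entra ID
// sign-in log schema as stored in Log Analytics.
let lookback = 1h;      // the "period" a scheduled rule looks back over on each run
let threshold = 10;     // constructed value: failures per IP before it is worth an alert
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"                 // ResultType "0" is a successful sign-in
| summarize FailedAttempts = count(),
            DistinctUsers = dcount(UserPrincipalName),
            Users = make_set(UserPrincipalName, 20),   // cap the set to keep rows small
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by IPAddress
| where FailedAttempts >= threshold
| project IPAddress, FailedAttempts, DistinctUsers, Users, FirstSeen, LastSeen
| top 20 by FailedAttempts desc
```

When this query backs a scheduled rule, IPAddress is the column to map to the IP entity so the resulting incident carries the source address for investigation.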

Module 5: Threat Detection with Analytics Rules

Learn how to turn your data into actionable alerts.

  • Understanding Analytics Rules
    • Types of rules: Scheduled, Microsoft Security, and NRT (Near-Real-Time).
    • Understanding the MITRE ATT&CK framework (mapping existing detection rules to the framework's techniques).
  • Using Rule Templates
    • Activating and customizing built-in templates from Microsoft.
  • Creating Custom Scheduled Rules
    • Writing a query and setting rule logic (frequency, period, threshold).
    • Mapping entities (users, IPs, hosts) for effective investigations.
    • Configuring alert details.

Module 6: Incident Management and Investigation

This module covers the core operational task of handling security incidents.

  • The Incident Lifecycle
    • Triage, investigation, and remediation.
  • Investigating an Incident
    • Navigating the incident page: Alerts, entities, and timeline.
    • Using the Investigation Graph to visualize relationships between entities.
    • Adding tasks and comments for collaboration.
  • Managing Incident Status
    • Changing status (New, Active, Closed) and classification (True Positive, False Positive).

Module 7: Proactive Threat Hunting

Move from reactive alerting to proactive threat discovery.

  • Introduction to Threat Hunting
    • The "assume breach" mindset.
  • Using Sentinel's Hunting Dashboard
    • Running built-in hunting queries.
    • Creating and saving your own custom hunting queries.
  • Using Livestream
    • Creating interactive hunting sessions to test new queries in real-time.
  • Bookmarks
    • Tagging interesting events found during a hunt for later investigation.
  • Understanding UEBA (User and Entity Behavior Analytics) and custom hunting strategies based on threat intelligence.

Module 8: Security Automation (SOAR) with Playbooks

This intermediate module introduces automation to streamline your security operations.

  • Introduction to SOAR in Sentinel
    • What are Playbooks? (Based on Azure Logic Apps).
  • Creating a Playbook
    • Using the Logic Apps designer.
    • Triggers (e.g., "When a Sentinel Incident is created") and Actions (e.g., block IP, disable user).
  • Attaching Playbooks to Analytics Rules
    • Automating responses when an alert is triggered.
    • Example use cases: Ticket creation in ServiceNow, posting a message in Teams, enriching incidents with threat intelligence.

Module 9: Visualizing Data with Workbooks

Create rich, interactive dashboards for monitoring and reporting.

  • Introduction to Workbooks
    • The purpose of visualization in security.
  • Using Workbook Templates
    • Exploring pre-built workbooks for different data sources.
  • Creating a Custom Workbook
    • Adding text, parameters, queries, and charts.
    • Building a custom security overview dashboard.

4.8 (264 reviews on Google)

Prashant, 2025

This is the 4th course which I have attended at Certification Guru. Manoj sir has an extreme level of technical knowledge. In the future I will also attend courses.

Asha, 2024

Very good and professional trainer. I enjoyed and found this training most helpful; the course met all of my expectations. Thank you.

Sameer, 2025

I did my MCSE & RHCT from Certification Guru. That helped me to boost my career.

Level: Advanced
Duration: 26 to 30 hours
Format: Online or Offline (shared batch, 1 to 1 or study kit)
Languages: English, Hindi, Marathi