SC-200 Microsoft Security Operations Analyst Training

LU1 Mitigate threats using Microsoft Defender XDR

Topic 1 Introduction to Microsoft 365 threat protection

Explore Extended Detection & Response (XDR) response use cases

Understand Microsoft Defender XDR in a Security Operations Center (SOC)

Explore Microsoft Security Graph

Investigate security incidents in Microsoft Defender XDR

Topic 2 Mitigate incidents using Microsoft 365 Defender

Use the Microsoft Defender portal

Manage incidents

Investigate incidents

Manage and investigate alerts

Manage automated investigations

Use the action center1

Explore advanced hunting

Investigate Microsoft Entra sign-in logs

Understand Microsoft Secure Score

Topic 3 Protect your identities with Microsoft Entra ID Protection

Microsoft Entra ID Protection overview

Detect risks with Microsoft Entra ID Protection policies

Investigate and remediate risks detected by Microsoft Entra ID Protection

Topic 4 Remediate risks with Microsoft Defender for Office 365

Introduction to Microsoft Defender for Office 365

Automate, investigate, and remediate

Configure, protect, and detect

Simulate attacks

Topic 5 Safeguard your environment with Microsoft Defender for Identity

Introduction to Microsoft Defender for Identity

Configure Microsoft Defender for Identity sensors

Review compromised accounts or data

Integrate with other Microsoft tools

Topic 6 Secure your cloud apps and services with Microsoft Defender for Cloud Apps

Understand the Defender for Cloud Apps Framework

Explore your cloud apps with Cloud Discovery

Protect your data and apps with Conditional Access App Control

Walk through discovery and access control with Microsoft Defender for Cloud Apps

Classify and protect sensitive information

Detect Threats

LU2 Mitigate threats using Microsoft Purview

Topic 7 Respond to data loss prevention alerts using Microsoft 365

1. Describe data loss prevention alerts7

2. Investigate data loss prevention alerts in Microsoft Purview

3. Investigate data loss prevention alerts in Microsoft Defender for Cloud Apps

Topic 8 Manage insider risk in Microsoft Purview

Insider risk management overview

Introduction to managing insider risk policies

Create and manage insider risk policies

Knowledge check

Investigate insider risk alerts

Take action on insider risk alerts through cases

Manage insider risk management forensic evidence

Create insider risk management notice templates

Topic 9 Investigate threats by using audit features in Microsoft Defender XDR and Microsoft Purview Standard

Introduction to threat investigation with the Unified Audit Log (UAL)

Explore Microsoft Purview Audit solutions

Implement Microsoft Purview Audit (Standard)

Start recording activity in the Unified Audit Log

Search the Unified Audit Log (UAL)

Export, configure, and view audit log records

Use audit log searching to investigate common support issues

Topic 10 Investigate threats with Content search in Microsoft Purview

Explore Microsoft Purview eDiscovery solutions

Create a content search

View the search results and statistics

Export the search results and search report

Configure search permissions filtering

Search for and delete email messages

LU3 Mitigate threats using Microsoft Defender for Endpoint

Topic 11 Protect against threats with Microsoft Defender for Endpoint

Introduction to Microsoft Defender for Endpoint

Practice security administration

Hunt threats within your network

Topic 12 Deploy the Microsoft Defender for Endpoint environment

Create your environment

Understand operating systems compatibility and features

Onboard devices

Manage access

Create and manage roles for role-based access control

Configure device groups

Configure environment advanced features

Topic 13 Implement Windows security enhancements with Microsoft Defender for Endpoint

Understand attack surface reduction

Enable attack surface reduction rules

Topic 14 Perform device investigations in Microsoft Defender for Endpoint

Use the device inventory list

Investigate the device

Use behavioral blocking

Detect devices with device discovery

Topic 15 Perform actions on a device using Microsoft Defender for Endpoint

Explain device actions

Run Microsoft Defender antivirus scan on devices

Collect investigation package from devices

Initiate live response session

Topic 16 Perform evidence and entities investigations using Microsoft Defender for Endpoint

Investigate a file

Investigate a user account

Investigate an IP address

Investigate a domain

Topic 17 Configure and manage automation using Microsoft Defender for Endpoint

Configure advanced features

Manage automation upload and folder settings

Configure automated investigation and remediation capabilities

Block at risk devices

Topic 18 Configure for alerts and detections in Microsoft Defender for Endpoint

Configure advanced features

Configure alert notifications

Manage alert suppression

Manage indicators

Topic 19 Utilize Vulnerability Management in Microsoft Defender for Endpoint

Understand vulnerability management

Explore vulnerabilities on your devices

Manage remediation

LU4 Mitigate threats using Microsoft Defender for Cloud

Topic 20 Plan for cloud workload protections using Microsoft Defender for Cloud

Explain Microsoft Defender for Cloud

Describe Microsoft Defender for Cloud workload protections

Exercise – Microsoft Defender for Cloud interactive guide

Enable Microsoft Defender for Cloud

Topic 21 Connect Azure assets to Microsoft Defender for Cloud

Explore and manage your resources with asset inventory

Configure auto provisioning

Manual log analytics agent provisioning

Topic 22 Connect non-Azure resources to Microsoft Defender for Cloud

Protect non-Azure resources

Connect non-Azure machines

Connect your AWS accounts

Connect your GCP accounts

Topic 23 Manage your cloud security posture management

Explore Secure Score

Explore Recommendations

Measure and enforce regulatory compliance

Understand Workbooks

Topic 24 Explain cloud workload protections in Microsoft Defender for Cloud

Understand Microsoft Defender for servers

Understand Microsoft Defender for App Service

Understand Microsoft Defender for Storage

Understand Microsoft Defender for SQL

Understand Microsoft Defender for open-source databases

Understand Microsoft Defender for Key Vault

Understand Microsoft Defender for Resource Manager

Understand Microsoft Defender for DNS

Understand Microsoft Defender for Containers

Understand Microsoft Defender additional protections

Topic 25 Remediate security alerts using Microsoft Defender for Cloud

Understand security alerts

Remediate alerts and automate responses

Suppress alerts from Defender for Cloud

Generate threat intelligence reports

Respond to alerts from Azure resources

LU5 Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Topic 26 Construct KQL statements for Microsoft Sentinel

Understand the Kusto Query Language statement structure

Use the search operator

Use the where operator

Use the let statement

Use the extend operator

Use the order by operator

Use the project operators

Topic 27 Analyze query results using KQL

Use the summarize operator

Use the summarize operator to filter results

Use the summarize operator to prepare data

Use the render operator to create visualizations

Topic 28 Build multi-table statements using KQL

Use the union operator

Use the join operator

Topic 29 Work with data in Microsoft Sentinel using Kusto Query Language

Extract data from unstructured string fields

Extract data from structured string data

Integrate external data

Create parsers with functions

LU6 Configure your Microsoft Sentinel environment

Topic 30 Introduction to Microsoft Sentinel

What is Microsoft Sentinel?

How Microsoft Sentinel works

When to use Microsoft Sentinel

Topic 31 Create and manage Microsoft Sentinel workspaces

Plan for the Microsoft Sentinel workspace

Create a Microsoft Sentinel workspace

Manage workspaces across tenants using Azure Lighthouse

Understand Microsoft Sentinel permissions and roles

Manage Microsoft Sentinel settings

Configure logs

Topic 32 Query logs in Microsoft Sentinel

Query logs in the logs page

Understand Microsoft Sentinel tables

Understand common tables

Understand Microsoft Defender XDR tables

Topic 33 Use watchlists in Microsoft Sentinel

Plan for watchlists

Create a watchlist

Manage watchlists

Topic 34 Utilize threat intelligence in Microsoft Sentinel

Define threat intelligence

Manage your threat indicators

View your threat indicators with KQL

LU7 Connect logs to Microsoft Sentinel

Topic 35 Connect data to Microsoft Sentinel using data connectors

Ingest log data with data connectors

Understand data connector providers

View connected hosts

Topic 36 Connect Microsoft services to Microsoft Sentinel

Plan for Microsoft services connectors

Connect the Microsoft Office 365 connector

Connect the Microsoft Entra connector

Connect the Microsoft Entra ID Protection connector

Connect the Azure Activity connector

Topic 37 Connect Microsoft Defender XDR to Microsoft Sentinel

Plan for Microsoft Defender XDR connectors

Connect the Microsoft Defender XDR connector

Connect Microsoft Defender for Cloud connector

Connect Microsoft Defender for IoT

Connect Microsoft Defender legacy connectors

Topic 38 Connect Windows hosts to Microsoft Sentinel

Plan for Windows hosts security events connector

Connect using the Windows Security Events via AMA Connector

Connect using the Security Events via Legacy Agent Connector

Collect Sysmon event logs

Topic 39 Connect Common Event Format logs to Microsoft Sentinel

Plan for Common Event Format connector6

Connect your external solution using the Common Event Format connector

Topic 40 Connect syslog data sources to Microsoft Sentinel

Plan for syslog data collection

Collect data from Linux-based sources using syslog

Configure the Data Collection Rule for Syslog Data Sources

Parse syslog data with KQL

Topic 41 Connect threat indicators to Microsoft Sentinel

Plan for threat intelligence connectors

Connect the threat intelligence TAXII connector

Connect the threat intelligence platforms connector

View your threat indicators with KQL

LU8 Create detections and perform investigations using Microsoft Sentinel

Topic 42 Threat detection with Microsoft Sentinel analytics

Exercise - Detect threats with Microsoft Sentinel analytics

What is Microsoft Sentinel Analytics?

Types of analytics rules

Create an analytics rule from templates

Create an analytics rule from wizard

Manage analytics rules

Exercise - Detect threats with Microsoft Sentinel analytics

Topic 43 Automation in Microsoft Sentinel

Understand automation options

Create automation rules

Topic 44 Threat response with Microsoft Sentinel playbooks

Exercise - Create a Microsoft Sentinel playbook

What are Microsoft Sentinel playbooks?

Trigger a playbook in real-time

Run playbooks on demand

Exercise - Create a Microsoft Sentinel playbook

Topic 45 Security incident management in Microsoft Sentinel

Exercise - Set up the Azure environment

Understand incidents

Incident evidence and entities

Incident management

Exercise - Investigate an incident

Topic 46 Identify threats with Behavioral Analytics

Understand behavioral analytics

Explore entities

Display entity behavior information

Use Anomaly detection analytical rule templates

Topic 47 Data normalization in Microsoft Sentinel

Understand data normalization

Use ASIM Parsers

Understand parameterized KQL functions

Create an ASIM Parser

Configure Azure Monitor Data Collection Rules

Topic 48 Query, visualize, and monitor data in Microsoft Sentinel

Exercise - Query and visualize data with Microsoft Sentinel Workbooks

Monitor and visualize data

Query data using Kusto Query Language

Use default Microsoft Sentinel Workbooks

Create a new Microsoft Sentinel Workbook

Exercise - Visualize data using Microsoft Sentinel Workbooks

Topic 49 Manage content in Microsoft Sentinel

Use solutions from the content hub

Use repositories for deployment

LU9 Perform threat hunting in Microsoft Sentinel

Topic 50 Explain threat hunting concepts in Microsoft Sentinel

Understand cybersecurity threat hunts

Develop a hypothesis

Explore MITRE ATT&CK

Topic 51 Threat hunting with Microsoft Sentinel

Explore creation and management of threat-hunting queries

Save key findings with bookmarks

Observe threats over time with livestream

Exercise - Hunt for threats by using Microsoft Sentinel

Topic 52 Use Search jobs in Microsoft Sentinel

Hunt with a Search Job

Restore historical data

Topic 53 Hunt for threats using notebooks in Microsoft Sentinel

Access Azure Sentinel data with external tools

Hunt with notebooks

Create a notebook

Explore notebook code

Topic 54 Who Hacked cloud game

Play Who Hacked?

Keep playing to find the culprit!

Promotion Code

Your will get 10% discount voucher for 2nd course onwards if you write us a Google review.

Minimum Entry Requirement

Knowledge and Skills

• Able to operate using computer functions
• Minimum 3 GCE ‘O’ Levels Passes including English or WPL Level 5 (Average of Reading, Listening, Speaking & Writing Scores)

Attitude

• Positive Learning Attitude
• Enthusiastic Learner

Experience

• Minimum of 1 year of working experience.

Target Age Group: 18-65 years old

Minimum Software/Hardware Requirement

Software:

TBD

Hardware: Window or Mac Laptops

• Security Operations Analyst
• Information Systems Auditor
• IT Security Specialist
• Network Security Analyst
• Cybersecurity Analyst
• Security Administrator
• Information Security Manager
• IT Compliance Analyst
• Risk Analyst
• Incident Response Analyst
• Vulnerability Assessor
• Security Consultant
• IT Auditor
• Compliance Manager
• Corporate IT Manager

Sanjiv Venkatram: Sanjiv i is an ACTA certified experienced leader with a proven track record in business / finance consulting and in developing i) business intelligence (BI) solutions ii) data analytics/analysis solutions and iii) IOT lead BI solutions. Sanjiv's goal through Prudentia Consulting, is to promote the simple joy and excitement of actively using the Microsoft Platform. He believes that the agility afforded by the Microsoft platform helps businesses get time back for deeper business thinking and to spend more time with their end customers

Sanjiv has rich experiences in diverse/complex high-tech businesses, turn around environments and strategic transformations. His functional expertise is in sales analytics, financial planning and analysis, engineering and program management. He has worked across discrete manufacturing, professional services and higher education verticals. He also has a working knowledge of equities portfolio management within the financial services domain.Sanjiv is the CEO of Prudentia Consulting, an organization committed to promoting the active usage of the Microsoft Platform. Prior to this, he has worked at Microsoft (US & APAC: 9.2 years), Cognizant Tech Solutions (3.3 years), Yazaki North America (8 years) and until recently at Oracle. Here are a few of his BI/analytics projects driven at scale: Built APAC wide BI dashboard using the Power BI umbrella tool set (Power BI online, Power BI desktop and Power Pivot) and a KPI lake (SQL DB), Helped develop key KPIs – identified key KPIs and helped land this in the DB, Developed a budget audit tool that captured budget inputs from a host of countries across the globe, Developed a business unit P&L reporting tool (functional architecture) in Business Objects for the world-wide financial planning and analysis team.

Alec Tan: Alec Tan is a ACTA certified trainer, He has a number of Comptia certifications. Since 2002, starting off from IT technical background to pre-sales, sales account manager, system integration, operate IT retail / repair shop business in Sim Lim Square 2008 ~ 2012, and back to IT industry employment, freelance IT Trainer till present.

Kishan Raaj: Kishan Raaj is a seasoned Data Science and SAP Program Manager with over 15 years of experience, currently leading all end-to-end training and projects for Data Science across Asia at LITHAN, Singapore. With expertise in machine learning, data analytics, and cloud technologies, he is well-versed in techniques such as regression, decision trees, clustering, and text mining. He has hands-on experience with tools like Python, R, Tableau, PowerBI, and Microsoft Azure Machine Learning Studio.
As an ACTA certified trainer, Kishan has designed and delivered comprehensive courses for SAP and Data Science programs, managing teams and training in multiple countries, including Singapore, Malaysia, China, India, and Vietnam. His background in SAP, particularly in S4/HANA and ABAP, combined with his expertise in machine learning libraries such as TensorFlow and Keras, positions him as a highly capable leader in technical education and project management across various industries.

Quah Chee Yong: Quah Chee Yong is a ACTA certified trainer. Quah Chee Yong Chee Yong is an experienced professional who has held various Technical, Operations and Commercial positions across several industriesA firm believer that AI can create a better world, he has equipped himself with the Knowledge and Skills in the fields of Data Science, Machine Learning, Deep Learning and Cloud Deployment

He has a deep passion for training & facilitating and is currently a Singapore WSQ certified Adult Educator. He particularly enjoys the interactive engagements with his fellow trainers and learners

Peter Cheong :  Peter is a ACLP certied trainer. Specialise In IT related knowlege and conduct IT Training which Include Microsoft Window Server Technology (Wintel) and Linux - Centos/Red Hat. Comptia ,ITIL , Motorola Solution Trunking System and Cisco Networking. I was worked in Motorola Solutions Conduct Motorola Astro 25 Trunking System For Police Force Malaysia (RMPnet),Taiwan Navy, Indonesia METRO POLDA (Police Force). After that Peter Join As IT Group Manager For W-Group which include 17 subsidiaries Companies in Real Estate Developer,Plantation, Building Management Services ,Contruction and also Fiber Opti Service Provider in Sabah,Malaysia.

Alan Tan: Alan Tan is a ACTA certified trainer. Alan Tan hold Masters in Data Science in Singapore University of Technology and Design. He is Microsoft Power Platform PL-900 certified and Microsoft Azure Data Fundamentals  Certified DP-900. He have this skills in Microsoft Power Platform development skills such as Powerapps, Power Automate,Power Portal, Power Virtual Agent, Power BI, Sharepoint, Dataverse, etc. For Programming language such as Python and Robotics Process Automation (RPA) development. He is working as a Senior Data Engineer in an MNC.

Bernard Peh: Bernard Peh is a Business Development Director and ACTA certified trainer with over 20 years of experience in the financial services industry. He has held key leadership roles and integrated technology, digital marketing, and data science to drive growth in sales, recruitment, and financial planning. As a mentor, Bernard has developed many successful financial professionals who have achieved top industry accolades like TOT, COT, and MDRT.

With deep expertise in data science, Bernard has advised firms and designed training programs for institutions like NTUC Learning Hub. He continues to apply data science to collective funds, achieving exceptional results such as a 400% increase in assets under management, while empowering financial professionals with technology-driven solutions.

Ken Hiong: Ken Hiong is a ACTA certified trainer. Ken has over 20 years of work experience in the healthcare and pharmaceutical industry, having assumed various functional and managerial roles in sales, marketing, business development, finance, business analysis and planning. With an interest and experience in scripting, Ken has worked on projects using HTML, CSS, PHP, MySQL, WordPress, MS Office, VBA, Power BI, etc. Notably, Ken is a proven expert Excel user at work who has made efficient many work processes, improved data analysis and enhanced the quality of business planning and reporting for organizations.

Ken graduated with a Pharmacy degree, holds a Master of Business Administration from the National University of Singapore and a Master of Applied Finance from the University of Adelaide. An ardent advocate of lifelong learning, Ken is ACTA trained and seeks to continually upgrade his IT skills through various channels of learning and Microsoft certifications. With MS Office Master qualification, Ken looks forward to assisting individuals and corporations improve their computer skills, productivity and business outcomes.

Audrey Lin : Audrey Lin is a ACTA certified trainer. She is a Business Development Director at Gill Technologies, an IT Consulting and Managed Services Provider focused at servicing SMEs. I'm responsible for the operations, sales, marketing, accounting, and finance functions of the organization. She have 13 years of experience in helping businesses and schools maximize their Return on Investment on IT through the use of the right technology, improving their business processes and increasing user adoption. My expertise is around Microsoft 365, MS Teams and Power BI. To help organizations improve employee productivity with tools from the MS 365 stack, she have delivered several classroom & online-styled end user training sessions to organizations from various industries - real estate, F&B, oil & gas, healthcare, schools, logistics. I have also created multiple customized & on-demand videos that end users can refer to for a quick review. Being certified as a Microsoft Data Analyst Associate, She is proficient at helping businesses gather business insights from their wide array of data. She have been involved in BI Projects with healthcare firms, logistics companies, FIs, etc., starting from the design phase, right through to the daily management of the BI system. Her area of knowledge in managing security and compliance in MS 365 is significant and ever-growing. She have good understanding of the Zero Trust Principle and uses that to improve the IT security posture of her clients. With the support of her engineering team at Gill Technologies, we use cloud-based management tools from MS 365, namely Intune, Endpoint Manager, Defender, etc. to manage our clients' endpoints.