Masterclass: SOC Analyst Course – EY Academy of Business

Masterclass: SOC Analyst Course

The course is dedicated to people who want to learn about Microsoft’s cloud environment monitoring tools and framework.

At the beginning, you will be introduced to the management of Azure Active Directory, service auditing and logs, the roles involved in monitoring threats in the cloud, and the implementation of PIM and PAM services.

The next module walks you through cloud security configuration best practices using Secure Score, Azure Defender for Servers and security standards recommendations.

During the course, you will configure an environment with EDR enabled, in which we will attack endpoints and user identities and observe how the EDR behaves. Then we will go through security operations best practices and write hunting queries. The implemented EDR solution and the other components of the security stack will be connected to the Microsoft SIEM, which allows you to monitor threats and implement responses to them.

This is an international Live Virtual Class, which means you will share the learning experience with a group of IT pros from around the world! The class is taught in English by CQURE Cybersecurity Experts! Remember that this course is limited to 12 participants to ensure the highest quality and a unique learning experience! During this course, you will have an opportunity to interact with the instructors and get their help with any problems you might encounter, just as if it were a regular class.

For whom?

SOC analysts, enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

What do you need to know? To attend this training, you should have good hands-on experience in administering Windows infrastructure and basic experience with public cloud concepts (Office 365, Azure).

Objectives and benefits

Exercises

All exercises are based on Windows Server 2016 and 2019, Windows 10, Kali Linux and Azure Cloud. During the course, our finest specialists will use their unique tools, over 100 pages of exercises and presentation slides with notes.

Certification

What is wonderful about our certification is that it is lifetime valid with no renewal fees – the technology changes, but fundamentals and attitude remain mostly the same. Our Virtual Certificates, which entitle you to collect CPE Points, are issued via Accredible.

Programme

Module 1: Monitoring operations in Azure AD

1. Azure Active Directory Operations and Logs
2. Azure AD Roles
3. Identity Protection – Roles, Review access, alerts, Discovery and Insights
4. How to deal with Audit Log
5. Challenging Azure AD settings in Azure and Office from a red team perspective
6. Privileged Identity Management – JITA, Discover and Monitor
7. Office Management API – Logs around Office 365
8. Microsoft Azure Policies – getting started, compliance, remediation, assignments, blueprints
9. Labs

Module 2: Microsoft 365 security

1. Secure Score and Security Center
2. Best Practices for Improving Your Secure Score
3. Azure Defender for Servers
4. Security Benchmark Policy
5. Labs
6. STIG & CIS – cloud security baseline

Module 3: Microsoft 365 Defender for Endpoint – EDR

1. Intro 101 (configuration, device inventory, concept, Report, alerts) and EDR deployment
2. Security Operations best practices with Microsoft EDR
3. How to manage Incidents
4. Kusto language 101 – basic and advanced queries
5. Advanced Hunting
6. Partner & APIs
7. Hacker ways to hide malware and bypass EDR
8. Attack examples and remediation labs
9. EDR Integration with Microsoft Defender for Identity
10. EDR Integration with Microsoft Defender for Office 365

Module 4: eXtended Detection and Response with Sentinel

1. Sentinel 101 – Azure Sentinel Dashboards, Connectors
2. Understanding Normalization in Azure Sentinel
3. Cloud & on-prem architecture
4. Workbooks deep dive – Visualize your security threats and hunts
5. Incidents
6. KQL intro (KQL hands-on lab exercises) and optimizing Azure Sentinel KQL query performance
7. Auditing and monitoring your Azure Sentinel workspace
8. Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
9. Fusion ML Detections with Scheduled Analytics Rules
10. Streamlining your SOC Workflow with Automated Notebooks
11. Customizing Azure Sentinel with Python
12. Best Practices for Converting Detection Rules from Splunk, QRadar, and ArcSight to Azure Sentinel Rules
13. Deep Dive into Azure Sentinel Innovations
14. Investigating Azure Security Center alerts using Azure Sentinel
15. Customizable Anomalies and How to Use Them
16. Introduction to Monitoring GitHub with Azure Sentinel for Security Professionals
17. Hunting in Sentinel
18. Deep Dive into Threat Intelligence
19. End-to-End SOC scenario with Sentinel

Module 5: Microsoft Cloud App Security

1. Introduction to MCAS
2. Enabling Secure Remote Work
3. App Discovery and Log Collector Configuration
4. Extending real-time monitoring & controls to any app
5. Connecting third-party applications
6. Automation and integration with Microsoft Flow
7. Conditional Access App Control
8. Threat detection
9. Information Protection
10. Labs: Protect Your Environment Using MCAS
11. DLP in Microsoft stack – how to deploy and monitor using MCAS and Sentinel

Dr. Mike Jankowski-Lorek – one of the core experts at CQURE, a globally known cybersecurity company. Dr. Mike is a solution architect, developer, data scientist and security expert with more than 15 years of experience in the field.

Price

EUR 3500 net

Location

Online

Date

10-14 October 2022

Contact

Sabina Sikorska-Suwała

Expert in IT and Cybersecurity courses

  • +48 572 002 720
  • Sabina.Sikorska-Suwala@pl.ey.com