SC-200: Create detections and perform investigations using Microsoft Sentinel
Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel. This learning path aligns with Exam SC-200: Security Operation Analyst.
Prerequisites
- Understand how to use KQL in Microsoft Sentinel like you could learn from learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
- Understand how data is connected to Microsoft Sentinel like you could learn from learning path SC-200: Connect logs to Microsoft Sentinel
Achievement Code
Would you like to request an achievement code?
Modules in this learning path
In this module, you learned how Microsoft Sentinel Analytics can help the SecOps team identify and stop cyber attacks.
By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automated incident management.
This module describes how to create Microsoft Sentinel playbooks to respond to security threats.
Learn about security incidents, incident evidence and entities, incident management, and how to use Microsoft Sentinel to handle incidents.
Learn how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization.
By the end of this module, you're able to use Advanced Security Information Model (ASIM) parsers to identify threats inside your organization.
This module describes how to query, visualize, and monitor data in Microsoft Sentinel.
By the end of this module, you'll be able to manage content in Microsoft Sentinel.