Category: SC-200
![Harri Jaakkonen](https://i0.wp.com/www.cloudpartner.fi/wp-content/uploads/2021/09/harri_pic.jpg?fit=32%2C32&ssl=1)
Create custom hunting queries As stated in the last part, all Gallery content has been centralized to the Content hub. You will see the following notification under Custom hunting rules. https://learn.microsoft.com/en-us/azure/sentinel/sentinel-content-centralize If you need inspiration based on the MITRE Framework for your…
Activate and customize Microsoft Sentinel workbook templates When we are talking about templates, it’s important to see the following information; you will see this inside your Sentinel workspace. Once you click on Continue, it will start the migration and show…
Triage incidents in Microsoft Sentinel What is Triaging? The SOC’s initial level is triaging. Triaging incoming security situations and assessing their seriousness are the responsibilities of Tier 1 employees. This entails figuring out the incident’s origin, estimating its size, and…
13th section starting, and this time we are learning about automation, alerts and remediation. Configure automation rules By centrally managing automation rules for event management, users may streamline complicated incident orchestration procedures. Automation rules are triggered by the creation of…
12th section starting with more Sentinel. This time we are classifying Entities, creating a custom log in Log Analytics and parsing the content. So let’s do some designs and configurations. Classify and analyze data by using entities You can do the…
11th section starting with more and more Sentinel. Already in this series we saw how the different pieces are connected and help your SOC teams to proactively work on threats. So let’s do some designs and configurations. Design and…
And in this 10th section of my SC-200 study guide we will go through the following topics. Identify data sources to be ingested for Microsoft Sentinel On August 31, 2024, the Log Analytics agent is deprecated. You should begin preparing…
We are already at the 9th section of my study guide and this time we will start with Sentinel. First I want to point out the Ninja training that Ofer Shezaf and his team have made for you. It was updated…
And this is the second part of the 8th section of my study guide, and today we are looking at recommendations and the alerts and incidents they will create. Again my apologies to all that had to wait as I cut…
Already in the 8th section of my study guide, and today we are looking at alerts, automation workflows and remediations. And because this is a huge section to cover, I will cut it in two different posts, my apologies for the…