SC-200: Create detections and perform investigations using Microsoft Sentinel

At a glance

Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Microsoft Sentinel. This learning path aligns with Exam SC-200: Security Operation Analyst.

Prerequisites

  • Understand how to use KQL in Microsoft Sentinel, as covered in the learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
  • Understand how data is connected to Microsoft Sentinel, as covered in the learning path SC-200: Connect logs to Microsoft Sentinel

Modules in this learning path

By the end of this module, you'll be able to use automation rules in Microsoft Sentinel to automate incident management.

This module describes how to create Microsoft Sentinel playbooks to respond to security threats.

Learn about security incidents, incident evidence and entities, incident management, and how to use Microsoft Sentinel to handle incidents.

Learn how to use entity behavior analytics in Microsoft Sentinel to identify threats inside your organization.

By the end of this module, you're able to use Advanced Security Information Model (ASIM) parsers to identify threats inside your organization.

By the end of this module, you'll be able to manage content in Microsoft Sentinel.