This article is contributed. See the original author and article here.
Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. This Ninja blog covers the features and functions of Microsoft 365 Defender – everything that goes across the workloads, but not the individual workloads themselves. The content is structured into three different knowledge levels, with multiple modules: Fundamentals, Intermediate, and Expert.
We will keep updating this training on a regular basis and highlight new resources.
Table of Contents
Security Operations Fundamentals
- Module 1. Technical overview
- Module 2. Getting started
- Module 3. Investigation – Incident
- Module 4. Advanced hunting
- Module 5. Self-healing
- Module 6. Community (blogs, webinars, GitHub)
Security Operations Intermediate
- Module 1. Architecture
- Module 2. Investigation
- Module 3. Advanced hunting
- Module 4. Automated investigation and remediation
- Module 5. Build your own lab
- Module 6. Self-healing
- Module 7. Reporting
Security Operations Expert
- Module 1. Incidents
- Module 2. Advanced hunting
- Module 3. APIs, custom reports, SIEM & other integrations
Legend: Product videos | Webcast recordings | Tech Community | Docs on Microsoft | Blogs on Microsoft | GitHub | ⤴ External | Interactive guides
Security Operations Fundamentals
Module 1. Technical overview
Module 2. Getting started
- Quick tutorial to get you started
- Starting the service
- Prepare your Azure Active Directory
- Manage access
Module 3. Investigation – Incident
- Work with incidents
- See how consolidated incidents improve SOC efficiency
- Protect your organization with Microsoft 365 Defender
Module 4. Advanced hunting
- Quick overview & a short tutorial that will get you started fast
- Learn the query language
- Understand the schema
Module 5. Self-healing
Module 6. Community (blogs, webinars, GitHub)
Security Operations Intermediate
Module 1. Architecture
Module 2. Investigation
- Correlating and consolidating attacks into incidents
- Investigate incidents
- Mapping attack chains from cloud to endpoint
- Prioritize incidents
- Manage incidents
- Report false positives/negatives
Module 3. Advanced hunting
- Advanced hunting cheat sheet
- Webinar series, episode 1: KQL fundamentals (MP4, YouTube)
- Advanced hunting query best practices
- Advanced hunting queries on GitHub
Module 4. Automated investigation and remediation
Module 5. Build your own lab
Module 6. Self-healing
- Learn about the various AIR capabilities
- Self-healing explained based on an example
- Configure automated investigation and response capabilities
- Approve or reject pending actions
- Report a false positive/negative to Microsoft for analysis
- The action center
Module 7. Reporting
Security Operations Expert
Module 1. Incidents
Module 2. Advanced hunting
- Webinar series, episode 2: Joins (MP4, YouTube)
- Webinar series, episode 3: Summarizing, pivoting, and visualizing data (MP4, YouTube)
- Webinar series, episode 4: Let’s hunt! Applying KQL to incident tracking (MP4, YouTube)
- ⤴ Pluralsight KQL training
Module 3. APIs, custom reports, SIEM & other integrations
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.