Microsoft 365 Defender, part of Microsoft’s XDR solution, leverages the Microsoft 365 security portfolio to automatically analyze threat data across domains, building a complete picture of each attack in a single dashboard. This Ninja blog covers the features and functions of Microsoft 365 Defender itself: everything that works across the workloads, but not the individual workloads themselves. The content is structured into three knowledge levels, each with multiple modules: Fundamentals, Intermediate, and Expert.
We will keep updating this training on a regular basis and highlight new resources.
Table of Contents
Security Operations Fundamentals
Module 1. Technical overview
Module 2. Getting started
Module 3. Investigation – Incident
Module 4. Advanced hunting
Module 5. Self-healing
Module 6. Community (blogs, webinars, GitHub)
Security Operations Intermediate
Module 1. Architecture
Module 2. Investigation
Module 3. Advanced hunting
Module 4. Automated investigation and remediation
Module 5. Build your own lab
Module 6. Self-healing
Module 7. Reporting
Security Operations Expert
Module 1. Incidents
Module 2. Advanced hunting
Module 3. APIs, custom reports, SIEM & other integrations
Legend: ⤴ = external resource
Security Operations Fundamentals
Module 1. Technical overview
Module 2. Getting started
Quick tutorial to get you started
Starting the service
Prepare your Azure Active Directory
Manage access
Module 3. Investigation – Incident
Work with incidents
See how consolidated incidents improve SOC efficiency
Protect your organization with Microsoft 365 Defender
Module 4. Advanced hunting
Quick overview & a short tutorial that will get you started fast
Learn the query language
Understand the schema
Module 5. Self-healing
Module 6. Community (blogs, webinars, GitHub)
Security Operations Intermediate
Module 1. Architecture
Module 2. Investigation
Correlating and consolidating attacks into incidents
Investigate incidents
Mapping attack chains from cloud to endpoint
Prioritize incidents
Manage incidents
Report false positives/negatives
Module 3. Advanced hunting
Advanced hunting cheat sheet
Webinar series, episode 1: KQL fundamentals (MP4, YouTube)
Advanced hunting query best practices
Advanced hunting queries on GitHub
Module 4. Automated investigation and remediation
Module 5. Build your own lab
Module 6. Self-healing
Learn about the various AIR capabilities
Self-healing explained based on an example
Configure automated investigation and response capabilities
Approve or reject pending actions
Report a false positive/negative to Microsoft for analysis
The action center
Module 7. Reporting
Security Operations Expert
Module 1. Incidents
Module 2. Advanced hunting
- Webinar series, episode 2: Joins (MP4, YouTube)
- Webinar series, episode 3: Summarizing, pivoting, and visualizing data (MP4, YouTube)
- Webinar series, episode 4: Let’s hunt! Applying KQL to incident tracking (MP4, YouTube)
- ⤴ Pluralsight KQL training
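Added example (not part of the Ninja training or its webinars): the kind of join-and-summarize query that episodes 2 and 3 build up to, applied to the incident-tracking theme of episode 4. It takes high-severity alerts, joins them to the devices named in their evidence, then joins to process events on those devices in a window around the alert time, so one row per alert and device shows what was running when the alert fired. `AlertInfo`, `AlertEvidence` and `DeviceProcessEvents` and the columns used are tables of the Microsoft 365 Defender advanced hunting schema; the 7-day lookback and 10-minute radius are assumed values chosen for illustration.

```kusto
// Added example, not from the Ninja training. Lookback and radius are assumptions.
let lookback = 7d;
let radius = 10m;
// Left side of the join: keep it small by filtering on time and severity first.
let alerts =
    AlertInfo
    | where Timestamp > ago(lookback) and Severity == "High"
    | project AlertId, AlertTime = Timestamp, Title, Category, ServiceSource;
// Devices that appear as evidence on those alerts (one row per alert/device pair).
let alert_devices =
    AlertEvidence
    | where Timestamp > ago(lookback) and isnotempty(DeviceId)
    | distinct AlertId, DeviceId, DeviceName;
alerts
| join kind=inner alert_devices on AlertId
// Right side: process events, also time-filtered before the join.
| join kind=inner (
    DeviceProcessEvents
    | where Timestamp > ago(lookback)
    | project DeviceId, ProcTime = Timestamp, FileName, ProcessCommandLine,
              InitiatingProcessFileName, AccountName
  ) on DeviceId
// Keep only processes that ran within +/- radius of the alert.
| where ProcTime between ((AlertTime - radius) .. (AlertTime + radius))
// Collapse to one row per alert and device, with the observed processes and command lines.
| summarize Processes = make_set(FileName, 50),
            CommandLines = make_set(ProcessCommandLine, 20),
            FirstSeen = min(ProcTime), LastSeen = max(ProcTime)
    by AlertId, AlertTime, Title, Category, ServiceSource, DeviceName, AccountName
| order by AlertTime desc, AlertId asc
```

Both sides of each join are filtered on time before joining and the small alert set sits on the left, which is what the query best practices linked above recommend; joining against unfiltered DeviceProcessEvents on a busy tenant will quickly hit the advanced hunting query resource limits.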
Module 3. APIs, custom reports, SIEM & other integrations
Brought to you by Dr. Ware, Microsoft Office 365 Silver Partner, Charleston SC.