MS Sentinel: Investigate

To access material, start machines and answer questions login.

Our Microsoft Sentinel journey continues. Let's take a quick snapshot of where we are in this journey and review the milestones we've passed in the previous rooms:

Onboarding - Microsoft Sentinel concepts, planning and initial deployment
Configuration - Installing Content hub solutions
Configuration - Connecting Data connectors
Threat detection - Analytics rules enabled

Learning Objectives

In this room, we will look into incident investigation and management concepts to see how we can easily manage security incidents in Microsoft Sentinel.

Firstly, we'll introduce incident tools and features in Microsoft Sentinel
Then, investigate sample incidents
Finally, we'll see how we can manage incidents, hand them over, or escalate them a higher level security team

Prerequisites

A good understanding of previous Sentinel rooms is recommended to fully leverage the benefits of this room:

MS Sentinel: Introduction
MS Sentinel: Deploy
MS Sentinel: Ingest Data
MS Sentinel: Detect

Answer the questions below

Let's go!

MS Sentinel: Investigate

Task 1Introduction

Learning Objectives

Prerequisites

Task 2Events / Alerts / IncidentsPremium

Task 3Incidents OverviewPremium

Task 4Triage and Investigate - Ownership, Status, TasksPremium

Task 5Triage and Investigate - Timeline, Logs, Entities, VisualPremium

Task 6Incident Closure - True / Benign / False PositivesPremium

Task 7Lab InstructionsPremium

Task 8Lab-05: Investigate IncidentsPremium

Task 9ConclusionPremium

Ready to learn Cyber Security?