From the course: Microsoft Security Operations Analyst Associate (SC-200) Cert Prep by Microsoft Press
Join today to access over 25,600 courses taught by industry experts.
Investigate threats using a unified audit log
From the course: Microsoft Security Operations Analyst Associate (SC-200) Cert Prep by Microsoft Press
Investigate threats using a unified audit log
“
- [Instructor] The first topic of this lesson is to investigate threats by using unified audit log. But before we start investigating, let's have a quick overview of the unified audit log. As the name implies, the Unified Audit Log is a solution to capture, record, and retain the logs. Audit records for these events are searchable, using the Microsoft Purview or Microsoft Defender Portal audit search. Microsoft Purview, provides two auditing solutions: Audit Standard and Audit Premium. All user, and admin activities performed in Microsoft 365 services and solutions, are captured, recorded, and retained in the unified audit log. Okay? Now for the SC-200 exam, we need to focus on investigating threats by using the Unified Audit Log, which we will see shortly. But here is a quick comparison table between the key capabilities available in Audit Standard and Audit Premium. Microsoft Purview Audit…
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.
Watch this course anytime, anywhere.
Get started with a free trial today.
Contents
-
-
(Locked)
Learning objectives1m 2s
-
(Locked)
Configure a connection from Defender XDR to a Sentinel workspace5m 11s
-
(Locked)
Configure alert and vulnerability notification rules4m 32s
-
(Locked)
Configure Microsoft Defender for Endpoint advanced features7m 14s
-
(Locked)
Configure endpoint rules settings, including indicators and web content filtering8m 55s
-
(Locked)
Manage automated investigation and response capabilities in Microsoft Defender XDR6m 5s
-
(Locked)
Configure automatic attack disruption in Microsoft Defender XDR6m 25s
-
(Locked)
-
-
(Locked)
Learning objectives1m 1s
-
(Locked)
Configure and manage device groups, permissions, and automation levels in Microsoft Defender for Endpoint7m 7s
-
(Locked)
Identify and remediate unmanaged devices in Microsoft Defender for Endpoint4m 22s
-
(Locked)
Manage resources using Azure Arc7m 16s
-
(Locked)
Connect environments to Microsoft Defender for Cloud using multi-cloud account management6m 53s
-
(Locked)
Discover and remediate unprotected resources using Defender for Cloud6m 16s
-
(Locked)
Identify and remediate devices at risk using Microsoft Defender Vulnerability Management7m
-
(Locked)
-
-
(Locked)
Learning objectives53s
-
(Locked)
Plan a Microsoft Sentinel workspace3m 55s
-
(Locked)
Configure Microsoft Sentinel roles3m 9s
-
(Locked)
Specify Azure RBAC roles for Microsoft Sentinel configuration3m 39s
-
(Locked)
Design and configure Microsoft Sentinel data storage, including log types and log retention7m 49s
-
(Locked)
Manage multiple workspaces using Workspace Manager and Azure Lighthouse4m 17s
-
(Locked)
-
-
(Locked)
Learning objectives1m 30s
-
(Locked)
Identify data sources to be ingested for Microsoft Sentinel and implement content hub solutions5m 16s
-
(Locked)
Configure and use Microsoft connectors for Azure resources, including Azure Policy and diagnostic settings3m 34s
-
(Locked)
Configure bidirectional synchronization between Microsoft Sentinel and Microsoft Defender XDR4m 51s
-
(Locked)
Configure bidirectional synchronization between Microsoft Sentinel and Microsoft Defender for Cloud2m 54s
-
(Locked)
Plan and configure Syslog and Common Event Format (CEF) event collections6m 29s
-
(Locked)
Plan and configure collection of Windows Security events using data collection rules, including Windows Event Forwarding (WEF)4m 33s
-
(Locked)
Configure threat intelligence connectors, including platform, TAXII, upload indicators API, and MISP6m 45s
-
(Locked)
Create custom log tables in the workspace to store ingested data5m 52s
-
(Locked)
-
-
(Locked)
Learning objectives47s
-
Configure policies for Microsoft Defender for Cloud apps8m 30s
-
(Locked)
Configure policies for Microsoft Defender for Office6m 30s
-
(Locked)
Configure security policies for Microsoft Defender for Endpoints, including attack surface reduction (ASR) rules6m 40s
-
(Locked)
Configure cloud workload protections in Microsoft Defender for Cloud8m 25s
-
(Locked)
-
-
(Locked)
Learning objectives1m
-
(Locked)
Classify and analyze data using entities8m 30s
-
Configure scheduled query rules, including KQL14m 43s
-
(Locked)
Configure near-real-time (NRT) query rules, including KQL3m 59s
-
(Locked)
Manage analytics rules from content hub4m 5s
-
(Locked)
Configure anomaly detection analytics rules7m 11s
-
(Locked)
Configure the fusion rule6m 48s
-
(Locked)
Query Microsoft Sentinel data using ASIM parsers8m 47s
-
(Locked)
Manage and use threat indicators8m 2s
-
(Locked)
-
-
(Locked)
Learning objectives1m 46s
-
(Locked)
Investigate and remediate threats to Microsoft Teams, SharePoint Online, and OneDrive5m 34s
-
(Locked)
Investigate and remediate threats in email using Microsoft Defender for Office6m 8s
-
(Locked)
Investigate and remediate ransomware and business email compromise incidents identified by automatic attack disruption4m 39s
-
(Locked)
Investigate and remediate compromised entities identified by Microsoft Purview data loss prevention (DLP) policies5m 1s
-
(Locked)
Investigate and remediate threats identified by Microsoft Purview insider risk policies10m 1s
-
(Locked)
Investigate and remediate alerts and incidents identified by Microsoft Defender for Cloud7m 59s
-
(Locked)
Investigate and remediate security risks identified by Microsoft Defender for Cloud apps5m 3s
-
(Locked)
Investigate and remediate compromised identities in Microsoft Entra ID3m 48s
-
(Locked)
Investigate and remediate security alerts from Microsoft Defender for Identity5m 4s
-
(Locked)
Manage actions and submissions in the Microsoft Defender portal8m 34s
-
(Locked)
-
-
(Locked)
Learning objectives55s
-
(Locked)
Create and configure automation rules12m 16s
-
(Locked)
Create and configure Microsoft Sentinel playbooks12m 24s
-
(Locked)
Configure analytic rules to trigger automation3m 22s
-
(Locked)
Trigger playbooks manually from alerts and incidents1m 28s
-
(Locked)
Run playbooks on on-premises resources7m 57s
-
(Locked)
-
-
(Locked)
Learning objectives53s
-
(Locked)
Analyze attack vector coverage using the MITRE ATT&CK in Microsoft Sentinel8m 46s
-
(Locked)
Customize content gallery hunting queries8m 35s
-
(Locked)
Use hunting bookmarks for data investigations4m 5s
-
(Locked)
Monitor hunting queries using Livestream3m 32s
-
(Locked)
Retrieve and manage archived log data4m 19s
-
(Locked)
Create and manage search jobs7m 54s
-
(Locked)