Cyber threats continue to evolve at an alarming rate, and Security Information and Event Management (SIEM) systems are still the core tools security teams need to effectively detect, triage, and respond to incidents. Microsoft Sentinel is a fairly young SIEM, made generally available as part of Azure in 2019. Because it is provided as part of Azure, it can be deployed effortlessly, and adoption is skyrocketing. Being closely tied to Azure, it can also be configured to easily interact with cloud resources and other Microsoft products, improving the capability of its Security Orchestration, Automation, and Response (SOAR) functionality without massive integration overheads. On-demand, practical training for Microsoft Sentinel is lacking. In March, Immersive Labs released Microsoft Sentinel hands-on labs, which give users browser-based access to realistic live-fire environments that take them from zero to hero with the skills and knowledge they need to be effective with Microsoft Sentinel.
Our labs cover the fundamentals of Microsoft Sentinel, such as querying with KQL, before diving into configuring analytics rules, creating and managing watchlists, and deploying custom logic apps to enhance Microsoft Sentinel’s SOAR capabilities with automation rules and playbooks.
The labs also provide realistic live-attack scenarios for users to investigate, giving them an understanding of how the incident process works in Microsoft Sentinel.
The labs provide high-fidelity, realistic environments to interact with. We provide all the access required, so you don’t need to worry about bringing your own account or managing any infrastructure. Finally, our labs intelligently detect task completion. Each task guides the user on what they need to do, whether that is updating a configuration or resolving a security incident. The lab then checks that the task has been completed successfully, without introducing any new security vulnerabilities. This ensures managers can have confidence that users have not cheated and have successfully completed the labs while gaining the required skills.
Check out the video showing our labs in action:
Azure Basics
Our Azure Basics collection introduces fundamental concepts and core services within the Microsoft Azure cloud platform, including storage accounts, virtual machines, and serverless function applications. This will ensure you're comfortable configuring resources in the Azure web portal, and familiar with basic resource management, giving you the experience you need to try the rest of our Azure-focused collections.
Microsoft Sentinel Deployment & Log Ingestion
In this collection, you'll learn how to deploy and configure Microsoft Sentinel, Microsoft's cloud-native SIEM solution. You'll discover how to integrate logs from your cloud workloads, setting the scene for effective log analysis. Through hands-on exercises on real Azure infrastructure, this collection provides practical experience in configuring real cloud infrastructure to log to a real Microsoft Sentinel deployment.
Microsoft Sentinel Blue Team Ops
Effective detections in your SIEM can help alert you to threats early, reducing your time to remediation and preventing alert fatigue. In this collection, you'll learn about Microsoft Sentinel alerts and incidents, how to configure analytical rules, create watchlists, and query using KQL in Microsoft Sentinel. You'll also practice setting up detection mechanisms to identify suspicious activities, compiling watchlists of indicators of compromise, and crafting advanced queries to investigate security incidents and anomalies.
Microsoft Sentinel: Security Orchestration Automation and Response (SOAR)
This collection introduces you to automating security responses by creating logic apps, automation rules, and playbooks in Microsoft Sentinel. You'll learn how to streamline incident response processes, automatically enrich incidents from third-party data sources, automate repetitive tasks, and orchestrate security actions across integrated tools and services.
Kusto Query Language
This collection introduces basic concepts such as KQL syntax and simple queries, up to advanced operations such as joining logs from multiple tables and enriching with third-party datasets. The labs break down complicated concepts and allow you to apply the learning in real Azure environments, against real logs in real time. There aren't shortcuts to learning KQL; in an industry first, this comprehensive collection will slowly compound concepts and cement learning through real application. Most of the examples use real cyber-security data, to help provide real context around the usage of advanced functionality, enabling users to draw powerful insights from their data.