SC-5001: Configure SIEM security operations using Microsoft Sentinel
Course Overview
Course Description:
Strengthen your organization’s defense posture by mastering SIEM (Security Information and Event Management) operations with Microsoft Sentinel. This instructor-led course teaches security professionals how to configure, manage, and operationalize Microsoft Sentinel to detect threats, investigate incidents, and respond effectively within a cloud-native Security Operations Center (SOC).
Designed for real-world impact, the course walks you through setting up data connectors, building custom analytics rules, automating incident response with playbooks, and using Kusto Query Language (KQL) for advanced threat hunting. Learn how to integrate Microsoft Defender XDR, Microsoft Entra ID, and third-party solutions into a centralized threat detection and response strategy.
This course is 40%–50% hands-on, with practical labs and guided configuration scenarios using Microsoft Sentinel.
Target Audience:
This course is ideal for:
Security analysts and SOC operators responsible for threat detection and response
Cloud security engineers managing Microsoft Sentinel environments
IT security professionals deploying or transitioning to cloud-native SIEM solutions
Individuals preparing for the SC-200: Microsoft Security Operations Analyst certification
Prerequisites:
Familiarity with Microsoft 365 security services, basic knowledge of Azure, and general understanding of cybersecurity concepts such as incidents, alerts, and threat indicators.
Course Outline:
Module 1: Introduction to Microsoft Sentinel and SIEM Fundamentals
Understand the purpose of a cloud-native SIEM and the value of Microsoft Sentinel
Explore Sentinel’s architecture, components, and integration with Microsoft Defender XDR
Navigate the Microsoft Sentinel workspace and dashboards
Module 2: Connect and Ingest Data into Microsoft Sentinel
Configure data connectors for Microsoft and third-party sources
Use Log Analytics and Azure Monitor to manage collected telemetry
Understand schema, normalization, and best practices for scalable ingestion
Module 3: Create Analytics Rules and Manage Threat Detection
Build and manage scheduled analytics rules to identify suspicious activity
Use Microsoft’s built-in rule templates and customize detection logic
Implement MITRE ATT&CK mappings and tune alerts for precision
Module 4: Investigate and Respond to Incidents
Understand the incident management lifecycle in Microsoft Sentinel
Use workbooks, entity behavior, and notebooks for deep investigation
Correlate alerts and incidents to uncover attack paths and lateral movement
Module 5: Automate Response with Playbooks and Logic Apps
Build automated response workflows using Azure Logic Apps
Trigger actions based on incidents, alerts, or external inputs
Integrate Sentinel with ticketing systems, email, and other automation tools
Module 6: Proactive Threat Hunting with KQL
Use Kusto Query Language (KQL) to perform advanced hunting across logs
Create custom hunting queries to identify anomalies and emerging threats
Leverage built-in hunting queries and develop your own threat intelligence strategies
Module 7: Monitor, Tune, and Maintain Sentinel Operations
Set up workbooks and dashboards for operational visibility
Monitor Sentinel health and performance
Apply best practices for rule tuning, alert management, and cost optimization
Delivery Format:
Instructor-led training with expert guidance
40%–50% hands-on learning using a live Microsoft Sentinel environment
Includes practical configuration, investigation, and automation scenarios
Hands-On Labs
This course includes practical, hands-on laboratory exercises to reinforce your learning: