Rana Usman Ahmad
Prepares you for SC-200

Sentinel SOC Enablement

Stand up and run a SOC on Microsoft Sentinel.

  • Duration: 18 hours
  • Labs: 10
  • Split: 70% hands-on / 30% theory
  • Delivery: Live on Teams

01

What is covered

  • Workspace design and data strategy
  • KQL for detection and hunting
  • Analytics rules and tuning
  • Logic Apps automation
02

What you leave with

  • Write effective KQL detections
  • Design analytics that a lean team can sustain
  • Automate triage and response
03

Reference architecture

We work through the reference architecture for this stack during the training.

  • Ingest: Data connectors, multicloud logs
  • Detect: Analytics rules, KQL, UEBA
  • Investigate: Incidents, hunting
  • Automate: SOAR playbooks, Logic Apps

Conceptual architecture for this training using the Microsoft stack. Original diagram; product names are trademarks of Microsoft Corporation.
04

Book this training

Booking starts a conversation. Send your details and preferred dates and I will reply with availability. Fees are handled by email reply.

Your request reaches me directly, and I reply personally to arrange dates and fees.