You're reading from Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems

Product type Paperback

Published in Mar 2022

Publisher Packt

ISBN-13 9781803231891

Length 288 pages

Edition 1st Edition

Tools

Microsoft Sentinel

Concepts

Cybersecurity

Authors (2):

Trevor Stuart

Joe Anich

View More author details

Table of Contents (19) Chapters

Preface

1. Section 1 – Exam Overview and Evolution of Security Operations

2. Chapter 1: Preparing for Your Microsoft Exam and SC-200 Objectives FREE CHAPTER

3. Chapter 2: The Evolution of Security and Security Operations

4. Section 2 – Implementing Microsoft 365 Defender Solutions

5. Chapter 3: Implementing Microsoft Defender for Endpoint

6. Chapter 4: Implementing Microsoft Defender for Identity

7. Chapter 5: Understanding and Implementing Microsoft Defender for Cloud (Microsoft Defender for Cloud Standard Tier)

8. Section 3 – Familiarizing Yourself with Alerts, Incidents, Evidence, and Dashboards

9. Chapter 6: An Overview: Microsoft Defender for Endpoint Alerts, Incidents, Evidence, and Dashboards

10. Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents

11. Chapter 8: Microsoft Defender for Office – Threats to Productivity

12. Chapter 9: Microsoft Defender for Cloud Apps and Protecting Your Cloud Apps

13. Section 4 – Setting Up and Connecting Data Sources to Microsoft Sentinel

14. Chapter 10: Setting Up and Configuring Microsoft Sentinel

15. Section 5 – Hunting Threats within Microsoft 365 Defender and Microsoft Sentinel

16. Chapter 11: Advanced Threat Hunting, Microsoft 365 Defender Portal, and Sentinel

17. Chapter 12: Knowledge Check

18. Other Books You May Enjoy

Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents

Alright, folks, it's time. We're going deep, deep into Microsoft Defender for Identity (MDI). As I've stated before, MDI is one of or if not my favorite tool in the M365 security stack. It provides so much rich information on your Active Directory environment, including network traffic to and from domain controllers, security logs, sites and subnets, and entity information. All of that is taken in and used to identify indicators of attack. It can also create alerts if an actual attack is detected, as well as providing your Security Operations Center (SOC) with threat signals from the network for you to go and investigate. We won't touch on this much, but MDI also supports RADIUS logs for VPN services. Of course, by adding RADIUS logs to your MDI tenant, you get added user information that includes any VPN connection information for that user. Details such as IP address and location...

The rest of the chapter is locked

You're reading from Microsoft Security Operations Analyst Exam Ref SC-200 Certification Guide Manage, monitor, and respond to threats using Microsoft Security Stack for securing IT systems

Table of Contents (19) Chapters

Chapter 7: Microsoft Defender for Identity, What Happened, Alerts, and Incidents

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you