MEAPSA

Security incident management in Microsoft Sentinel

In this module, you'll investigate Microsoft Sentinel incident management, learn about Microsoft Sentinel events and entities, and discover ways to resolve incidents.

Solution Architect

Azure

Sentinel

Module Objectives

In this module, you will:

Understand Microsoft Sentinel incident management
Explore Microsoft Sentinel evidence and entity management
Investigate and manage incident resolution

Units

Introduction min
Exercise setup min
Describe incident management min
Understand evidence and entities min
Manage incidents min
Exercise - Investigate an incident min
Summary min

Prerequisites

Familiarity with security operations in an organization
Basic experience with Azure services
Basic knowledge of operational concepts, such as monitoring, logging, and alerting
Basic knowledge of Microsoft Sentinel rules