Mastering security analysis with Microsoft Defender XDR

SKU: QAM365COPSC

This two-day instructor-led course provides delegates with the knowledge and skills to effectively use Microsoft Defender XDR and Security Copilot for responding to cyber-attacks. Delegates will learn how to manage and investigate security incidents within the Defender portal, leveraging automated investigations and threat intelligence.

The course also covers the use of Kusto Query Language (KQL) for advanced threat hunting and introduces Security Copilot as a tool to assist in incident response, script and file analysis, and report generation. Designed for security professionals, this course enables participants to enhance their organisation’s cyber resilience by efficiently detecting, analysing, and mitigating security threats.

Forkröfur

An understanding of core technical concepts, including applications, file storage, networking and identities.

An understanding of common security threats and attacks such as malware, phishing, ransomware and software exploits

Instructors will demonstrate features throughout the event. Optional lab exercises are available for students to complete using a commercial Microsoft 365 tenancy with an Azure subscription provided for each student free of charge by QA. The tenancy lasts for 30 days. The Azure subscription will have enough credit to perform lab exercises.

Target audience

This course is designed for:

Security analysts responsible for monitoring and responding to cyber threats.
IT administrators with a role in cybersecurity incident response.

Security professionals looking to enhance their skills in Microsoft Defender XDR and Security Copilot.

Nemandi mun læra eftirfarandi

By the end of this course, delegates will be able to:

Navigate the Microsoft Defender portal and explain integrations with Microsoft services such as Entra ID and Azure.
Use Defender XDR to investigate and respond to cybersecurity incidents, leveraging automated investigations and threat intelligence.
Build advanced threat-hunting queries using Kusto Query Language (KQL).
Onboard and use Copilot for Security to assist with incident response, script and file analysis, KQL query writing, and report generation.

Samantekt

Overview of Microsoft Defender XDR

Introduction to Microsoft Defender XDR
Cybersecurity attack methodologies
- Zero Trust model
- MITRE ATT&CK framework
- Example attack chains
- Security news and emerging threats
Microsoft Defender XDR services
Services overview and capabilities
Integrations with other Microsoft solutions
Investigating and responding to security threats
Lab: Hands-on exploration of Defender XDR

Incident response

Managing alerts and incidents
- Alert triage and correlation
- Incident investigation techniques
Response actions
Containing and mitigating threats at the device, user, and network level
Understanding automated attack disruption
Remediation actions and Action Center
Automated investigations
Lab: Incident investigation and response

Advanced threat hunting with KQL

Introduction to Kusto Query Language (KQL)
- Guided and advanced query modes
- Understanding the schema
- Saving and sharing queries
KQL syntax and querying techniques
Searching, filtering, and sorting data
Using joins for data correlation
Summarising and visualising threat data
Working with strings, dates, and times
Lab: Writing and executing KQL queries for threat hunting

Security Copilot

Onboarding Security Copilot
- Planning and setup
- Creating a capacity and configuring settings
- Understanding available plugins
Standalone capabilities
Using prompts for security insights
System capabilities and automation
Prompt books for common security tasks
Incident summaries and guided response
Script and file analysis
Advanced threat hunting with Copilot
Generating incident reports
Embedded capabilities
Lab: Leveraging Security Copilot for threat analysis and automation

Exams and Assessments

This course does not include any formal assessments.