Masterclass: SOC Analyst Course

During this 5-day course of super intensive training you will gain crucial cybersecurity knowledge and skills in terms of SOC analytics.

You´ll be able to:

  • Get the highest quality and unique learning experience – the class is limited to 16 participants by default.
  • Get the opportunity to interact with our world-renowned Experts.
  • Go through CQURE’s custom lab exercises and practice them after the course.
  • Receive a lifelong certification after completing the course!

Why this course?

This is a 5-day deep dive course on SOC analytics, a must-go for SOC analysts, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security. It is delivered by one of the best people in the market in the security field and what is more, this is an international Live Virtual Class so you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office!

 Target Audience

This is an advanced course on SOC analytics for Cybersecurity Specialists.

SOC analysts, Enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security. To attend this training, you should have a good hands-on experience in administering Windows infrastructure and basic around public cloud concept (Office 365, Azure).

 

This Live Virtual Class consists of 5 Modules in terms of SOC analytics. They include essential theory combined with individual practice during the exercises as well as loads of hands-on tools and real-case scenarios.

Module 1: Monitoring operations in Azure AD

  1. Azure Active Directory Operations and Logs
  2. Azure AD Roles
  3. Identity Protection – Roles, Review access, alerts, Discovery and Insights
  4. How to deal with Audit Log
  5. Challenging Azure AD settings in Azure and Office from red team perspective
  6. Privileged Identity Management – JITA, Discover and Monitor
  7. Office Management API – Logs around Office 365
  8. Microsoft Azure Policies – getting started, compliance, remediation, assignments, blueprints
  9. Labs

Module 2: Microsoft 365 Security

  1. Secure Score and Security Center
  2. Best Practices for Improving Your Secure Score
  3. Azure Defender for Servers
  4. Security Benchmark Policy
  5. Labs
  6. STIG & CIS – cloud security baseline

Module 3: Microsoft 365 Defender for Endpoint – EDR

  1. Intro 101 (configuration, device inventory, concept, Report, alerts) and EDR deployment
  2. Security Operations best practices with Microsoft EDR
  3. How to manage Incidents
  4. Kusto language 101 – basic and advanced queries
  5. Advanced Hunting
  6. Partner & APIs
  7. Hacker ways to hide malware and bypass EDR
  8. Attacks examples and remediation labs
  9. EDR Integration with Microsoft Defender for Identity
  10. EDR Integration with Microsoft Defender for Office 365

Module 4: eXtended Detection and Response with Sentinel

  1. Sentinel 101 – Azure Sentinel Dashboards, Connectors
  2. Understanding Normalization in Azure Sentinel
  3. Cloud & on-prem architecture
  4. Workbooks deep dive – Visualize your security threats and hunts
  5. Incidents
  6. KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL queries performance
  7. Auditing and monitoring your Azure Sentinel workspace
  8. Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
  9. Fusion ML Detections with Scheduled Analytics Rules
  10. Streamlining your SOC Workflow with Automated Notebooks
  11. Customizing Azure Sentinel with Python
  12. Best Practices for Converting Detection Rules from Splunk, QRadar, and ArcSight to Azure Sentinel Rule

Module 5: Microsoft Cloud App Security

  1. Intro do MCAS
  2. Enabling Secure Remote Work
  3. App Discovery and Log Collector Configuration
  4. Extending real-time monitoring & controls to any app
  5. Connecting 3rd party Applications
  6. Automation and integration with Microsoft Flow
  7. Conditional Access App Control
  8. Threat detection
  9. Information Protection
  10. Labs: Protect Your Environment Using MCAS
  11. DLP in Microsoft stack – how to deploy and monitor using MCAS and Sentinel

Certification

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

 

FAQ – Masterclass: SOC Analyst Course

Hva koster kurset?
Prisen er 39 900 NOK for 5 dager. Kurset inkluderer kursmateriell, praktiske lab-øvelser og livslang sertifisering etter fullført kurs.

Hvor lenge varer kurset?
Kurset går over 5 intensive dager fra 09:00 til 16:00 hver dag og gjennomføres som et internasjonalt Live virtuelt kurs.

Hvordan gjennomføres kurset?
Kurset leveres som et live virtuelt kurs ledet av CQUREs cybersikkerhetseksperter. Deltakerne jobber med realistiske scenarioer og lab-øvelser som simulerer arbeid i et Security Operations Center (SOC). Klassen er begrenset til maks 16 deltakere for å sikre tett oppfølging og høy kvalitet.

Hvem passer kurset for?
Kurset er utviklet for tekniske fagpersoner som jobber med sikkerhetsovervåking og hendelseshåndtering, blant annet:

  • SOC analysts
  • Enterprise administrators
  • Infrastructure architects
  • Security professionals
  • System engineers
  • Network administrators
  • IT professionals
  • Security consultants

Hva lærer jeg i løpet av kurset?
Du lærer hvordan moderne SOC-team overvåker, analyserer og responderer på sikkerhetshendelser i Microsoft-miljøer. Etter kurset vil du kunne:

  • Overvåke identitetssikkerhet i Azure AD / Entra ID
  • Analysere sikkerhetshendelser i Microsoft 365
  • Bruke Microsoft Defender for Endpoint til trusseldeteksjon
  • Utføre avansert trusseljakt med KQL
  • Analysere og håndtere sikkerhetshendelser i Microsoft Sentinel
  • Automatisere SOC-arbeidsflyt og hendelseshåndtering

Er kurset praktisk rettet?
Ja. Kurset inneholder omfattende hands-on lab-øvelser hvor deltakerne jobber med realistiske hendelser og lærer hvordan sikkerhetsanalytikere oppdager, analyserer og responderer på trusler i moderne IT-miljøer.

Hvilke temaer dekkes i kurset?
Kurset dekker blant annet:

  • Overvåking og logging i Azure AD / Entra ID
  • Microsoft 365 Security Center og Secure Score
  • Microsoft Defender for Endpoint (EDR)
  • Threat hunting og analyse med KQL
  • Security operations og incident management
  • SIEM-plattformen Microsoft Sentinel
  • Automatisering og analyse i SOC-miljøer
  • Microsoft Cloud App Security (MCAS)
  • Data Loss Prevention og cloud-sikkerhet

Får jeg sertifisering etter kurset?
Ja. Etter fullført kurs mottar du en livslang sertifisering som dokumenterer kompetanse innen SOC-operasjoner og sikkerhetsanalyse.

Hvilke forkunnskaper anbefales?
Det anbefales at deltakerne har erfaring med Windows-infrastruktur samt grunnleggende kunnskap om cloud-plattformer som Microsoft 365 og Azure.

Hva gjør dette kurset unikt?
Kurset gir en realistisk innføring i hvordan et moderne Security Operations Center arbeider. Du lærer både hvordan trusler oppdages og analyseres, og hvordan sikkerhetsteam bruker verktøy som Microsoft Defender og Sentinel til å beskytte organisasjoner mot avanserte cyberangrep.

See other relevant courses to explore:

Microsoft Security & Identity

Cloud Security & Incident Response

Cybersecurity & Offensive Security

Security Certifications

Andre relevante kurs

MasterClass: Hacking and Securing Windows Infrastructure
13. april
5 dager
Virtual Classroom
Masterclass: System Forensics, Incident Handling And Threat Hunting
25. mai
5 dager
Virtual Classroom
MasterClass: Windows Security and Infrastructure Management with Windows Internals
15. juni
4 dager
Classroom Virtual
MasterClass: Administering and Configuring Active Directory Federation Services and Claims
15. juni
3 dager
Classroom