Masterclass: SOC Analyst Course

Live Virtual Class – Super Intensive Remote Training with Labs!
(9:00am – 4:00pm CET Monday to Thursday)

This is an international Live Virtual Class where you will be able to share the learning experience with a group of IT pros from around the world without leaving your home or office! The class is taught fully remotely in English by CQURE Cybersecurity Experts. In order to ensure the highest quality and unique learning experience, the course is limited to 12 participants by default, or supported by an assistant instructor if the number of delegates exceeds 12. During this course, you will have the opportunity to go through CQURE’s custom lab exercises, interact with our world-renowned Expert and receive a lifelong certification after completing the course!

Upcoming Live Virtual Classes

Length         Start Date    Instructor
5 days (35h)   29.11.2021    Piotr Pawlik
5 days (35h)   28.03.2022    Piotr Pawlik
5 days (35h)   30.05.2022    Piotr Pawlik

See the schedule of all our Live Virtual Classes

Loads of Knowledge

The course is designed for people who want to learn about Microsoft's cloud environment monitoring tools and framework. At the beginning, you will be introduced to the management of Azure Active Directory, service auditing and logs, the roles related to monitoring threats in the cloud, and the implementation of PIM and PAM services.

Next, we will walk you through cloud security configuration best practices with Secure Score, Azure Defender for Servers and security standards recommendations.

During the course you will configure an environment with EDR enabled, in which we will attack endpoints and user identities and observe how the EDR behaves. Then we will go through security operations best practices and write hunting queries.

The implemented EDR solution and the other components of the security stack will be connected to Microsoft's SIEM (Azure Sentinel), which allows both monitoring and the implementation of responses to threats.

This course is ideal for:

SOC analysts, enterprise administrators, infrastructure architects, security professionals, systems engineers, network administrators, IT professionals, security consultants and other people responsible for implementing network and perimeter security.

To attend this training, you should have good hands-on experience in administering Windows infrastructure and a basic understanding of public cloud concepts (Office 365, Azure).

Unique exercises:

All exercises are based on Windows Server 2016 and 2019, Windows 10, Kali Linux and Azure Cloud. This workshop is based on practical knowledge from tons of successful projects, many years of real-world experience and no mercy for misconfigurations or insecure solutions!

Platform and Technical Requirements:

To participate in the course you need a stable internet connection. For the best learning experience we also need you to have a webcam, headphones and a microphone. An open RDP connection on port 3391 to the lab environment is needed as well. We will set up a secure Zoom classroom for every day of the course and send you a safe link to join the conference by e-mail.

Certification:

After finishing the course, you will be granted a CQURE Certificate of Completion. Please note that after completing the course you will also be eligible for CPE points!

COURSE FORMULA

Remote Delivery

We are experts in remote delivery. In the past year, we have organized over 200 days of training and we have tested many solutions. The experience remains the same as in face-to-face training: a personalized, lab-intensive course with a lot of interaction between you and the instructor.

Virtual Labs

You will be granted lab access for the duration of the training and complimentary access for an additional 3 weeks after the training concludes, with new challenging exercise instructions. With the extra self-study materials, you will be able to refresh your knowledge, acquire new skills and practically apply the techniques you have just learned.

Lifelong Certification

What is wonderful about our certification is that it is valid for life with no renewal fees: the technology changes, but fundamentals and attitude remain mostly the same. Our Virtual Certificates, which entitle you to collect CPE Points, are issued via Accredible.

COURSE SYLLABUS

Module 1

Monitoring operations in Azure AD

  1. Azure Active Directory Operations and Logs
  2. Azure AD Roles
  3. Identity Protection – Roles, Review access, alerts, Discovery and Insights
  4. How to deal with Audit Log
  5. Challenging Azure AD settings in Azure and Office from a red team perspective
  6. Privileged Identity Management – JITA, Discover and Monitor
  7. Office Management API – Logs around Office 365
  8. Microsoft Azure Policies – getting started, compliance, remediation, assignments, blueprints
  9. Labs

Module 2

Microsoft 365 Security

  1. Secure Score and Security Center
  2. Best Practices for Improving Your Secure Score
  3. Azure Defender for Servers
  4. Security Benchmark Policy
  5. Labs
  6. STIG & CIS – cloud security baseline

Module 3

Microsoft 365 Defender for Endpoint – EDR

  1. Intro 101 (configuration, device inventory, concept, Report, alerts) and EDR deployment
  2. Security Operations best practices with Microsoft EDR
  3. How to manage Incidents
  4. Kusto language 101 – basic and advanced queries
  5. Advanced Hunting
  6. Partner & APIs
  7. Hacker ways to hide malware and bypass EDR
  8. Attack examples and remediation labs
  9. EDR Integration with Microsoft Defender for Identity
  10. EDR Integration with Microsoft Defender for Office 365

Module 4

Extended Detection and Response with Sentinel

  1. Sentinel 101 – Azure Sentinel Dashboards, Connectors
  2. Understanding Normalization in Azure Sentinel
  3. Cloud & on-prem architecture
  4. Workbooks deep dive – Visualize your security threats and hunts
  5. Incidents
  6. KQL intro (KQL hands-on lab exercises) and Optimizing Azure Sentinel KQL queries performance
  7. Auditing and monitoring your Azure Sentinel workspace
  8. Sentinel configuration with Microsoft Cloud stack, EDR and MCAS
  9. Fusion ML Detections with Scheduled Analytics Rules
  10. Streamlining your SOC Workflow with Automated Notebooks
  11. Customizing Azure Sentinel with Python
  12. Best Practices for Converting Detection Rules from Splunk, QRadar, and ArcSight to Azure Sentinel Rules
  13. Deep Dive into Azure Sentinel Innovations
  14. Investigating Azure Security Center alerts using Azure Sentinel
  15. Customizable Anomalies and How to Use Them
  16. Introduction to Monitoring SAP with Azure Sentinel for Security Professionals
  17. Hunting in Sentinel
  18. Deep Dive on Threat Intelligence
  19. End-to-End SOC scenario with Sentinel

Module 5

Microsoft Cloud App Security

  1. Intro to MCAS
  2. Enabling Secure Remote Work
  3. App Discovery and Log Collector Configuration
  4. Extending real-time monitoring & controls to any app
  5. Connecting 3rd party Applications
  6. Automation and integration with Microsoft Flow
  7. Conditional Access App Control
  8. Threat detection
  9. Information Protection
  10. Labs: Protect Your Environment Using MCAS
  11. DLP in Microsoft stack – how to deploy and monitor using MCAS and Sentinel

YOUR TEACHER

Piotr Pawlik

Cybersecurity Expert, MVP

Piotr Pawlik is CQURE's Cybersecurity Expert, System Engineer and Unified Communications Expert with experience in the design, implementation and support of Microsoft solutions. During his work for Orange Business Services, Piotr was responsible for planning and deploying security solutions for the biggest customers in Poland (insurance, banking, education and government sectors) and for many customers located elsewhere in Europe. Piotr's main areas of expertise are Microsoft Private Cloud (Hyper-V virtualization and System Center 2012), Microsoft Public Cloud (Office 365 and Azure), Microsoft Exchange Server 2010/2013, Lync Server 2010/2013, Office Communications Server and the Windows Server family. His additional experience includes disaster recovery, capacity planning, virtualization and business continuity. He has excellent problem-solving and interpersonal skills.

Our students say…

“All of their classes are based on their real world experience with the products, not just the typical Official Curriculum style classes that teach you things for an exam, but that you never use. You’ll find that all of the material you’ll learn in the class will be used, at some point, in your security career.”

Jack Perry

Security Principal Consultant - Presido

“Totally professional, total great stuff, in-depth knowledge and a perfect Learning Atmosphere! I like it! Thanks so much for sharing your experience and knowledge!”

Martin Weber

CTO - IT.INNOVATION.4U

“I have attended CQURE’s training as someone who is not a security professional, but just an enthusiast, and I feel like I learned A LOT. The whole training was loaded with information and nice demos of the latest technologies. On top of that — having an opportunity to ask and talk to professionals was priceless.”

Marek Chmel

SQL SERVER DBA - AT&T