From the course: Microsoft Cybersecurity Architect (SC-100) Cert Prep by Microsoft Press
Evaluate technical threat intelligence
Another part of the workflow for security operations is to evaluate the technical threat intelligence of an attack. This involves the data collection and analysis of the logging and monitoring data that you send to the tool, such as Microsoft Sentinel. Here, it can apply various analytics to identify any relevant security insights and findings and then publish them through the tool. This also integrates with various products across Microsoft, whether it be Azure, Intune, Cloud App Security or other cloud applications. As part of the threat intelligence tooling, there's hunting, where teams can go through and identify the logs and the monitoring that might be relevant for an application and help the analytics rules improve overall detection.