Manage Security Operations (Coursera)

By the end of this course, you will be able to:

• Configure and monitor metrics and logs in Azure Monitor.
• Manage applications by using Azure Monitor Application Insights.
• Create basic Azure Monitor log queries to extract information from log data.
• Enable Azure Monitor alerts.
• Configure properties for diagnostic logging.
• Implement, configure, and deploy Microsoft Defender for Cloud.
• Monitor your security status with Microsoft Defender for Cloud.
• Implement just-in-time VPN access to protect against brute-force attacks.

This course is part of the Microsoft Azure Security Engineer Associate (AZ-500) Professional Certificate.

What you'll learn

• Configure and monitor metrics and logs in Azure Monitor.
• Manage applications by using Azure Monitor Application Insights.
• Implement, configure, and deploy Microsoft Defender for Cloud.
• Implement just-in-time VPN access to protect against brute-force attacks.

Syllabus

Configure and manage Azure Monitor
In this module, you will learn how to use Azure monitor, Defender for Cloud, and Sentinel to monitor your organization's services. You will explore how to use features of Azure Monitor logs that contain records that show when resources are created or modified. You will also learn to use a full-stack monitoring strategy to improve learner’s ability to identify and mitigate issues across all the layers of their applications and infrastructure to improve the customer experience. In addition, you will learn to configure and monitor metrics and logs and integrate Azure Monitor Application Insights with your applications. You will explore how to use Azure Monitor Application Insights to check the health of applications and resolve issues faster. You will also learn how to enable Log Analytics that helps you monitors cloud and on-premises environments to maintain availability and performance.

Enable and manage Microsoft Defender for Cloud
In this module, you will learn how to implement and customize Microsoft Defender for Cloud and how to design and plan an effective Defender for Servers deployment. You will learn how to manage and implement security policies and recommendations to secure and harden your resources. You will explore the brute force attacks and how to implement Just-in-time VM access to protect from brute force attacks. You will also learn about malware threats and how to configure malware detection to protect computers and network from malware.

Configure and monitor Microsoft Sentinel
In this module, you will gain an understanding about Microsoft Sentinel and how it works. You will learn about how to enable Microsoft Sentinel for end-to-end security operations. You will learn how to transform or customize data at ingestion time in Microsoft Sentinel. You will learn to use Microsoft Sentinel for instant visualization and analysis of data. You will also learn to use Azure Monitor workbooks to visualize and monitor data. You will explore anomaly detection analytics rules in Microsoft Sentinel. You will learn how to enable rules to create incidents. In addition, you will learn to create custom analytics rules to detect threats. You will learn how to map data fields to entities in Microsoft Sentinel. You will also learn to use playbooks together with automation rules to automate incident response and remediate security threats detected by Microsoft Sentinel. You will explore about how to investigate incidents with Microsoft Sentinel as well as use it to understand the scope and find the root cause of a potential security threat. In addition, you will learn how to use the threat modeling tool develop threat models as a backbone of your security process.

Project and graded assessment
In this module, you will attempt a course-level ungraded project and graded assessment.