Category: SC200
Automate Sentinel to enrich and record IP reputation using VirusTotal
source: https://learn.microsoft.com/en-us/azure/sentinel/tutorial-enrich-ip-information Prerequisites An Azure user with the following roles:Microsoft Sentinel Contributor on the Log…
Configuring and Deploying a VM using an ARM Template
Configuration: Storage Account, Public IP, Network Security Group, Virtual Network, Network Interface (NIC), Virtual Machine …
SC-200 Sentinel – Privilege escalation attack – Simulation, detection and response
source: SC-200T00A-Microsoft-Security-Operations-Analyst Part 1: Run the attack In this guide we will simulate an attacker…
SC-200 Create automation rule
In this demo we are creating an automation rule to change the severity and status…
SC-200 Collect logs from a non-Azure Linux VM host to Microsoft Sentinel using Azure Arc and Syslog AMA
Step 1 – Install and configure Rsyslog. To install rsyslog on Ubuntu, execute this from…
SC-200 Connect Windows devices to Microsoft Sentinel using data connectors
source: SC-200T00A-Microsoft-Security-Operations-Analyst Task 1: Create a Windows VM in Azure. Go to Marketplace, search for…
SC-200 Configure your Microsoft Sentinel environment
source: SC-200T00A-Microsoft-Security-Operations-Analyst Task 1: Initialize the Microsoft Sentinel Workspace. Go to Log Analytics Workspace and…