Azure Sentinel Incident Triage Challenge
Azure Sentinel (Microsoft Sentinel) is a cloud-based SIEM (security information event management) solution that offers advanced intelligence tools across organizations to secure the cloud and on-premises resources.
This lab challenge assumes familiarity with the following concepts:
- Understanding of Azure Sentinel offering
- Understanding Sentinel incidents, data connectors, analytic rules, and log query editor
If you are unfamiliar with any of the above, Cloud Academy recommends completing the labs mentioned in the prerequisites before attempting this lab challenge.
This hands-on lab challenge will test your practical ability to interact with the Azure Sentinel to satisfy a set of requirements in a production-like Azure environment. You will be presented with a task and set of requirements you must fulfill to pass the challenge.
This is a real environment, which means you can prove your knowledge in an applied way, substituting multiple-choice questions for a dynamic performance-based exam situation.
October 31st, 2023 - Updated the challenge to reflect the latest UI
January 24th, 2023 - Resolved an issue causing an excessive delay in data being reported in Sentinel
- Introduction to Azure Sentinel
- Investigating Security Events using Azure Sentinel
- Candidates for Azure Security Engineer (AZ-500)
- Cloud Architects
- DevOps Engineers
- Azure Sentinel
- Azure Log Analytics
Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing the knowledge with the community to help students upskill in the cloud.