lab challenge

Azure Sentinel Incident Triage Challenge

Intermediate
1h 30m
362
4.2/5
Get challenged in a real environment: Prove your skills in a real-world, provisioned environment.
Push your limits: Complete an unguided mission within the time limit.
See results: Test your problem-solving skills and track your progress.
Lab description

Azure Sentinel (Microsoft Sentinel) is a cloud-based SIEM (security information and event management) solution that offers advanced intelligence tools across organizations to secure cloud and on-premises resources.

This lab challenge assumes familiarity with the following concepts: 

  • Understanding of the Azure Sentinel offering
  • Understanding of Sentinel incidents, data connectors, analytics rules, and the log query editor

If you are unfamiliar with any of the above, Cloud Academy recommends completing the labs mentioned in the prerequisites before attempting this lab challenge.

This hands-on lab challenge will test your practical ability to interact with Azure Sentinel to satisfy a set of requirements in a production-like Azure environment. You will be presented with a task and a set of requirements you must fulfill to pass the challenge.

This is a real environment, which means you can prove your knowledge in an applied way, replacing multiple-choice questions with a dynamic, performance-based exam situation.

Updates

October 31st, 2023 - Updated the challenge to reflect the latest UI

January 24th, 2023 - Resolved an issue causing an excessive delay in data being reported in Sentinel

Prerequisites
  • Introduction to Azure Sentinel
  • Investigating Security Events using Azure Sentinel
Intended audience
  • Candidates for Azure Security Engineer (AZ-500)
  • Cloud Architects
  • DevOps Engineers
What will be assessed
  • Azure Sentinel
  • Azure Log Analytics
About the author
Parveen Singh
Cloud Lab Developer
Students: 14,308
Labs: 95
Courses: 1
Learning paths: 3

Parveen is an Azure advocate with previous experience in the professional consulting services industries. He specializes in infrastructure and DevOps, with a wide range of knowledge in security and access management. He is also an Azure Certified - DevOps Engineer Expert, Security Engineer, Developer Associate, Administrator Associate, CompTIA Certified - Network+, Security+, and AWS Cloud Practitioner.
Parveen enjoys writing about cloud technologies and sharing knowledge with the community to help students upskill in the cloud.
