Over the holidays, I have updated the Ninja Training to cover updates to Azure Sentinel and address lessons learned over time.
So what’s new?
Since the Ninja Training is always changing, I also include important changes over the last few months. On the other hand, there are many changes, so don’t expect this to be comprehensive.
Easier to use (I hope)
- Module 0, “Other learning and support options,” provides pointers to other options that you may find useful.
- As with any training, you may have questions after the session. The FAQ companion to the Azure Sentinel Ninja training tries to address that.
- You can now read the Ninja course, hopefully gaining some insight even before diving deeper, and better understand the different resources the Ninja Training points to. If you don’t want to read, each module clearly points to the video to watch if you are short on time and the one to watch if you have more time.
New and updated modules
New modules cover new functionality areas in Azure Sentinel:
- Module 14: User and Entity Behavior Analytics (UEBA)
- Module 15: Monitoring Azure Sentinel’s health
- Module 17: Bring your own ML
Also, several modules have been expanded to cover their entire domain.
- Module 6: expanded from TI to Enrichment in general, including Watchlists
- Module 8: expanded from writing rules to analytics in general, including built-in analytics
- Module 9: expanded from Playbooks to SOAR in general. The content is still Playbook centric, but we will update that over time.
New and updated webinars
- Module 9 (SOAR/Playbooks) and Module 10 (Workbooks) finally have a webinar.
- Module 1 (Overview), Module 3 (Cloud Architecture), and Module 4 (Data Connectors) now have a shorter introductory video in addition to the full-length webinar.
- A new webinar on the Log Forwarder for Syslog and CEF in Module 4.
- A new webinar in Module 13 (Hunting) focuses on the feature set, complementing the previous webinars, which focused on hunting examples.