SOC Workflows Leveraging MSFT Sentinel and Tanium

This lab shows how to break down silos and accelerate hunting and investigations with structured workflows built by integrating Tanium and Microsoft Sentinel. You will learn how Tanium data can be ingested into Microsoft Sentinel using Logic Apps, then use Kusto Query Language (KQL) to analyze and visualize threats, incidents, and stages of an investigation within a structured workflow.

Pre-Req(s): Basic understanding of Tanium, including asking questions and using Tanium Threat Response. Familiarity with tactics, techniques, and procedures for threat hunting, investigations, and SOC workflows. Completion of Tanium Threat Response Analyst (WBT Course Registration Link) is ideal.

Location: Marigold - 4th Floor

Additional details:

Investigation & Remediation
Session Type: In-Person, Lab
Comply, Connect, Reveal, Threat Response, Benchmark
Tanium Platform, Risk & Security, Microsoft & ServiceNow Integrations
Construction, Education, Entertainment, Financial Services, Government - Federal, Government - Local, Healthcare & Life Sciences, Holding Companies & Conglomerates, Insurance, Law Firms & Legal Services, Media & Internet, Media & Telecommunications, Non-Profit & Charitable Organizations, Professional & Business Services, Real Estate, Retail & Hospitality, Software & Technology, Other, Agriculture, Mining & Raw Materials, Energy, Utilities & Waste, Facilities, Lodging & Resorts, Clinics, Manufacturing, Construction & Wholesale, Trade, Transportation Service, Hospitals & Physicians