SOC Workflows Leveraging MSFT Sentinel and Tanium
This lab will show how to break silos and accelerate hunting and investigations through the use of structured workflows created by integrating Tanium & Microsoft Sentinel. You will learn how Tanium data can be ingested using Microsoft Sentinel Logic Apps, then use keyword query language (KQL) to analyze and visualize threats, incidents, or stages of investigations within a structured workflow. Pre-Req(s): Basic understanding of Tanium, asking questions, using Tanium Threat Response. Familiarity of tactics, techniques, and procedures for threat hunting, investigations, and SOC workflows. Tanium Threat Response Analyst (WBT Course Registration Link) is ideal
Location Name
Marigold - 4th Floor
Additional details:
Session Tag
Investigation & Remediation
Session Type (Grey Bubble)
In-Person, Lab
Modules
Comply, Connect, Reveal, Threat Response, Benchmark
Difficulty
Intermediate/Advanced
Focus
Tanium Platform, Risk & Security, Microsoft & ServiceNow Integrations
Industry
Construction, Education, Entertainment, Financial Services, Government - Federal, Government - Local, Healthcare & Life Sciences, Holding Companies & Conglomerates, Insurance, Law Firms & Legal Services, Media & Internet, Media & Telecommunications, Non-Profit & Charitable Organizations, Professional & Business Services, Real Estate, Retail & Hospitality, Software & Technology, Other, Agriculture, Mining & Raw Materials, Energy, Utilities & Waste, Facilities, Lodging & Resorts, Clinics, Manufacturing, Construction & Wholesale, Trade, Transportation Service, Hospitals & Physicians