SOC Workflows Leveraging MSFT Sentinel and Tanium

This lab shows how to break down silos and accelerate hunting and investigations through structured workflows built by integrating Tanium and Microsoft Sentinel. You will learn how Tanium data can be ingested into Microsoft Sentinel using Logic Apps, then use Kusto Query Language (KQL) to analyze and visualize threats, incidents, or stages of an investigation within a structured workflow.

Prerequisites: Basic understanding of Tanium, asking questions, and using Tanium Threat Response. Familiarity with tactics, techniques, and procedures for threat hunting, investigations, and SOC workflows. Completion of the Tanium Threat Response Analyst course (WBT) is ideal.

Additional details:

Session Type: Virtual, Self-Service Lab
Difficulty: Intermediate/Advanced
Industry: Construction, Education, Entertainment, Financial Services, Government - Federal, Government - Local, Healthcare & Life Sciences, Holding Companies & Conglomerates, Insurance, Law Firms & Legal Services, Media & Internet, Media & Telecommunications, Non-Profit & Charitable Organizations, Professional & Business Services, Real Estate, Retail & Hospitality, Software & Technology, Other, Agriculture, Mining & Raw Materials, Energy, Utilities & Waste, Facilities, Lodging & Resorts, Clinics, Manufacturing, Construction & Wholesale, Trade, Transportation Service, Hospitals & Physicians