SOC Workflows Leveraging MSFT Sentinel and Tanium

This lab will show how to break silos and accelerate hunting and investigations through the use of structured workflows created by integrating Tanium & Microsoft Sentinel. You will learn how Tanium data can be ingested using Microsoft Sentinel Logic Apps, then use keyword query language (KQL) to analyze and visualize threats, incidents, or stages of investigations within a structured workflow.

Pre-Req(s): Basic understanding of Tanium, asking questions, using Tanium Threat Response. Familiarity of tactics, techniques, and procedures for threat hunting, investigations, and SOC workflows. Tanium Threat Response Analyst (WBT Course Registration Link) is ideal

Location Name
Marigold - 4th Floor

Additional details:

Session Type
In-Person, Lab
Modules
, , , ,
Difficulty
Intermediate/Advanced
Focus
, ,
Industry
Construction, Education, Entertainment, Financial Services, Government - Federal, Government - Local, Healthcare & Life Sciences, Holding Companies & Conglomerates, Insurance, Law Firms & Legal Services, Media & Internet, Media & Telecommunications, Non-Profit & Charitable Organizations, Professional & Business Services, Real Estate, Retail & Hospitality, Software & Technology, Other, Agriculture, Mining & Raw Materials, Energy, Utilities & Waste, Facilities, Lodging & Resorts, Clinics, Manufacturing, Construction & Wholesale, Trade, Transportation Service, Hospitals & Physicians