SOC Workflows Leveraging MSFT Sentinel and Tanium

This lab shows how to break down silos and accelerate hunting and investigations through structured workflows built by integrating Tanium and Microsoft Sentinel. You will learn how Tanium data can be ingested into Microsoft Sentinel using Logic Apps, then use Kusto Query Language (KQL) to analyze and visualize threats, incidents, or stages of an investigation within a structured workflow.

Prerequisites: Basic understanding of Tanium, asking questions, and using Tanium Threat Response. Familiarity with tactics, techniques, and procedures for threat hunting, investigations, and SOC workflows.

Session Type
Virtual, Self-Service Lab
Difficulty
Intermediate/Advanced
Industry
Construction, Education, Entertainment, Financial Services, Government - Federal, Government - Local, Healthcare & Life Sciences, Holding Companies & Conglomerates, Insurance, Law Firms & Legal Services, Media & Internet, Media & Telecommunications, Non-Profit & Charitable Organizations, Professional & Business Services, Real Estate, Retail & Hospitality, Software & Technology, Other, Agriculture, Mining & Raw Materials, Energy, Utilities & Waste, Facilities, Lodging & Resorts, Clinics, Manufacturing, Construction & Wholesale, Trade, Transportation Service, Hospitals & Physicians