Computer Science / Windows Systems Administration

Detect and respond to cyber attacks with Microsoft 365 Defender

بواسطة: N/A

Overview

Module 1: Understand what Microsoft 365 Defender is and how it can help to improve your security posture by empowering your Security Operations Center (SOC) or security teams with the tools they need to identify, control, and remediate security threats.

By the end of this module, you'll be able to:

Understand Microsoft 365 Defender
Understand Microsoft 365 Defender integration with other Defender products

Module 2: Understand the steps needed to enable Microsoft 365 Defender for your organization.

By the end of this module, you'll be able to:

Prepare to roll out Microsoft 365 Defender.
Enable Microsoft 365 Defender in your organization.
Manage who has access to the functions and data in Microsoft 365 Defender.

Module 3: Learn how to use Microsoft 365 Defender to manage and respond to incidents and alerts in your Microsoft 365 tenant. Cyber threats are an ever present and on-going concern for all organizations regardless of size. Learn how to minimize the time between an incident and its management for subsequent response and resolution.

By the end of this module, you'll be able to:

Understand incident management and response in Microsoft 365 Defender
Understand how to classify incidents and alerts
Use email notifications to be informed of new or updated incident

Module 4: Gain an understanding of the advanced hunting query language, Kusto, and how to create queries to find threats. You'll gain an awareness of the data schemas provided by Microsoft 365 and how they can enrich query results. Finally, you'll explore custom detections and how they can be used to automate detection and remediation of threats.

By the end of this module, you'll be able to:

Use the advanced hunting query language, Kusto.
Use the advanced hunting query schemas to enrich your queries.
Create custom detection queries to facilitate automated threat identification and resolution.

Module 5: Learn how Microsoft 365 Defender uses automated self-healing for incident investigation and response to automate threat detection and remediation.

By the end of this module, you'll be able to:

Understand automated self-healing in your security environment
Utilize automated investigation and response in addressing cyber-attacks
Work with Action center

Syllabus

Module 1: Introduction to Microsoft 365 Defender

Introduction
What is Microsoft 365 Defender?
Threat information sources for Microsoft 365 Defender
Knowledge check
Summary

Module 2: Enable Microsoft 365 Defender in your organization

Introduction
Roll out Microsoft 365 Defender for your organization
Manage access to Microsoft 365 Defender
Knowledge check
Summary

Module 3: Investigate incidents with Microsoft 365 Defender

Introduction
Working with incidents
Classification of incidents and alerts
Use email notifications in Microsoft 365 Defender
Knowledge check
Summary

Module 4: Locate threats using advanced hunting with Microsoft 365 Defender

Introduction
Introduction to Kusto Query Language
Understand the hunting data schema
Using custom detections
Knowledge check
Summary

Module 5: Automate self-healing with Microsoft 365 Defender

Introduction
What is automated self-healing?
Understand automated investigation and response
Knowledge check
Summary

Computer Science / Windows Systems Administration

Detect and respond to cyber attacks with Microsoft 365 Defender

الذهاب الي الدورة

Detect and respond to cyber attacks with Microsoft 365 Defender

بواسطة: N/A

N/A
مجانية
الإنجليزية
متاح شهادة
متاح في أي وقت
beginner
N/A

Messages Timeline Exceptions Views14 Route Queries7 Models6 Gate Session Request

8.1.2666ms2MBGET ar/الدورات/{slug}

Booting (417ms)
Application (247ms)
1 x Booting (62.65%)
417.30ms
1 x Application (37.1%)
247.13ms

14 templates were rendered

public.courses.show (resources/views/public/courses/show.blade.php)3bladefile
Params
0
course
1
links
2
config
public.courses.partials.breadcrumbs (resources/views/public/courses/partials/breadcrumbs.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
public.courses.partials.heading (resources/views/public/courses/partials/heading.blade.php)7bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
6
classes
public.courses.partials.details (resources/views/public/courses/partials/details.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
public.courses.partials.breadcrumbs (resources/views/public/courses/partials/breadcrumbs.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
public.courses.partials.heading (resources/views/public/courses/partials/heading.blade.php)7bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
6
classes
public.layouts.main (resources/views/public/layouts/main.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
public.layouts.partials.meta (resources/views/public/layouts/partials/meta.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
public.layouts.partials.navbar (resources/views/public/layouts/partials/navbar.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
public.auth.profile.partials.links (resources/views/public/auth/profile/partials/links.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
public.auth.profile.partials.link (resources/views/public/auth/profile/partials/link.blade.php)8bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
6
route
7
title
public.auth.profile.partials.link (resources/views/public/auth/profile/partials/link.blade.php)8bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
6
route
7
title
public.auth.profile.partials.link (resources/views/public/auth/profile/partials/link.blade.php)8bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config
6
route
7
title
public.layouts.partials.flash-session (resources/views/public/layouts/partials/flash-session.blade.php)6bladefile
Params
0
__env
1
app
2
errors
3
course
4
links
5
config

uri: GET ar/الدورات/{slug}
middleware: web, localize:ar
controller: App\Http\Controllers\CourseController@show
as: ar.courses.show
namespace
prefix: /ar
where
file: app/Http/Controllers/CourseController.php:17-35

7 statements were executed8.79ms

select * from `courses` where `slug_ar` = 'detect-and-respond-to-cyber-attacks-with-microsoft-365-defender' limit 1

7.12ms/app/Http/Controllers/CourseController.php:20corspedia

Metadata
Bindings	0. detect-and-respond-to-cyber-attacks-with-microsoft-365-defender
Backtrace	17. /app/Http/Controllers/CourseController.php:20 18. /vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 19. /vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:43 20. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:260 21. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:205

update `courses` set `visitors` = `visitors` + 1, `courses`.`updated_at` = '2025-06-24 16:35:27' where `id` = 1153

630μs/app/Http/Controllers/CourseController.php:21corspedia

Metadata
Bindings	0. 2025-06-24 16:35:27 1. 1153
Backtrace	17. /app/Http/Controllers/CourseController.php:21 18. /vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 19. /vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:43 20. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:260 21. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:205

select `id`, `name_en`, `name_ar`, `topic_id`, `slug_en`, `slug_ar` from `subjects` where `subjects`.`id` in (102)

240μs/app/Http/Controllers/CourseController.php:23corspedia

Metadata
Backtrace	20. /app/Http/Controllers/CourseController.php:23 21. /vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 22. /vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:43 23. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:260 24. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:205

select `id`, `name_en`, `name_ar`, `slug_en`, `slug_ar` from `topics` where `topics`.`id` in (1)

180μs/app/Http/Controllers/CourseController.php:23corspedia

Metadata
Backtrace	25. /app/Http/Controllers/CourseController.php:23 26. /vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 27. /vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:43 28. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:260 29. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:205

select * from `institutions` where `institutions`.`id` in (62) and `institutions`.`deleted_at` is null

200μs/app/Http/Controllers/CourseController.php:23corspedia

Metadata
Backtrace	20. /app/Http/Controllers/CourseController.php:23 21. /vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 22. /vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:43 23. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:260 24. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:205

select * from `providers` where `providers`.`id` in (15) and `providers`.`deleted_at` is null

180μs/app/Http/Controllers/CourseController.php:23corspedia

Metadata
Backtrace	20. /app/Http/Controllers/CourseController.php:23 21. /vendor/laravel/framework/src/Illuminate/Routing/Controller.php:54 22. /vendor/laravel/framework/src/Illuminate/Routing/ControllerDispatcher.php:43 23. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:260 24. /vendor/laravel/framework/src/Illuminate/Routing/Route.php:205

select * from `html_files` where `html_files`.`id` = 1147 limit 1

240μs/app/Models/Course.php:84corspedia

Metadata
Bindings	0. 1147
Backtrace	21. /app/Models/Course.php:84 28. view::public.courses.show:29 30. /vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php:125 31. /vendor/laravel/framework/src/Illuminate/View/Engines/PhpEngine.php:58 32. /vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php:72

App\Models\HtmlFile: 1
App\Models\Provider: 1
App\Models\Institution: 1
App\Models\Topic: 1
App\Models\Subject: 1
App\Models\Course: 1

_token: OYapjn0muJUYZmODzYajZ8rt89JNAEOQoPVfEQuX
locale: ar
_previous: array:1 [ "url" => "https://www.corspedia.com/ar/%D8%A7%D9%84%D8%AF%D9%88%D8%B1%D8%A7%D8%AA/detect...
_flash: array:2 [ "old" => [] "new" => [] ]
PHPDEBUGBAR_STACK_DATA: []

path_info

/ar/%D8%A7%D9%84%D8%AF%D9%88%D8%B1%D8%A7%D8%AA/detect-and-respond-to-cyber-attacks-with-microsoft-365-defender

status_code

status_text

OK

format

html

content_type

text/html; charset=UTF-8

request_query

[]

request_request

[]

request_headers

  0 of 0   
array:24 [▼
  "cf-ipcountry" => array:1 [▶
    0 => "US"
  ]
  "cf-connecting-ip" => array:1 [▶
    0 => "216.73.216.18"
  ]
  "cdn-loop" => array:1 [▶
    0 => "cloudflare; loops=1"
  ]
  "x-forwarded-proto" => array:1 [▶
    0 => "https"
  ]
  "x-forwarded-for" => array:1 [▶
    0 => "216.73.216.18"
  ]
  "sec-fetch-site" => array:1 [▶
    0 => "none"
  ]
  "accept" => array:1 [▶
    0 => "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
  ]
  "user-agent" => array:1 [▶
    0 => "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"
  ]
  "upgrade-insecure-requests" => array:1 [▶
    0 => "1"
  ]
  "sec-ch-ua-platform" => array:1 [▶
    0 => ""Windows""
  ]
  "sec-ch-ua-mobile" => array:1 [▶
    0 => "?0"
  ]
  "sec-ch-ua" => array:1 [▶
    0 => ""Chromium";v="130", "HeadlessChrome";v="130", "Not?A_Brand";v="99""
  ]
  "cache-control" => array:1 [▶
    0 => "no-cache"
  ]
  "pragma" => array:1 [▶
    0 => "no-cache"
  ]
  "sec-fetch-dest" => array:1 [▶
    0 => "document"
  ]
  "cf-ray" => array:1 [▶
    0 => "954da36e5b7deaec-ORD"
  ]
  "accept-encoding" => array:1 [▶
    0 => "gzip, br"
  ]
  "priority" => array:1 [▶
    0 => "u=0, i"
  ]
  "sec-fetch-user" => array:1 [▶
    0 => "?1"
  ]
  "sec-fetch-mode" => array:1 [▶
    0 => "navigate"
  ]
  "cf-visitor" => array:1 [▶
    0 => "{"scheme":"https"}"
  ]
  "host" => array:1 [▶
    0 => "www.corspedia.com"
  ]
  "content-length" => array:1 [▶
    0 => ""
  ]
  "content-type" => array:1 [▶
    0 => ""
  ]
]

request_server

  0 of 0   
array:50 [▼
  "USER" => "www-data"
  "HOME" => "/var/www"
  "HTTP_CF_IPCOUNTRY" => "US"
  "HTTP_CF_CONNECTING_IP" => "216.73.216.18"
  "HTTP_CDN_LOOP" => "cloudflare; loops=1"
  "HTTP_X_FORWARDED_PROTO" => "https"
  "HTTP_X_FORWARDED_FOR" => "216.73.216.18"
  "HTTP_SEC_FETCH_SITE" => "none"
  "HTTP_ACCEPT" => "text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7"
  "HTTP_USER_AGENT" => "Mozilla/5.0 AppleWebKit/537.36 (KHTML, like Gecko; compatible; ClaudeBot/1.0; +claudebot@anthropic.com)"
  "HTTP_UPGRADE_INSECURE_REQUESTS" => "1"
  "HTTP_SEC_CH_UA_PLATFORM" => ""Windows""
  "HTTP_SEC_CH_UA_MOBILE" => "?0"
  "HTTP_SEC_CH_UA" => ""Chromium";v="130", "HeadlessChrome";v="130", "Not?A_Brand";v="99""
  "HTTP_CACHE_CONTROL" => "no-cache"
  "HTTP_PRAGMA" => "no-cache"
  "HTTP_SEC_FETCH_DEST" => "document"
  "HTTP_CF_RAY" => "954da36e5b7deaec-ORD"
  "HTTP_ACCEPT_ENCODING" => "gzip, br"
  "HTTP_PRIORITY" => "u=0, i"
  "HTTP_SEC_FETCH_USER" => "?1"
  "HTTP_SEC_FETCH_MODE" => "navigate"
  "HTTP_CF_VISITOR" => "{"scheme":"https"}"
  "HTTP_HOST" => "www.corspedia.com"
  "REDIRECT_STATUS" => "200"
  "SERVER_NAME" => "corspedia.com"
  "SERVER_PORT" => "443"
  "SERVER_ADDR" => "141.95.147.152"
  "REMOTE_USER" => ""
  "REMOTE_PORT" => "26914"
  "REMOTE_ADDR" => "172.71.255.58"
  "SERVER_SOFTWARE" => "nginx/1.18.0"
  "GATEWAY_INTERFACE" => "CGI/1.1"
  "HTTPS" => "on"
  "REQUEST_SCHEME" => "https"
  "SERVER_PROTOCOL" => "HTTP/2.0"
  "DOCUMENT_ROOT" => "/var/www/corspedia/public"
  "DOCUMENT_URI" => "/index.php"
  "REQUEST_URI" => "/ar/%D8%A7%D9%84%D8%AF%D9%88%D8%B1%D8%A7%D8%AA/detect-and-respond-to-cyber-attacks-with-microsoft-365-defender"
  "SCRIPT_NAME" => "/index.php"
  "CONTENT_LENGTH" => ""
  "CONTENT_TYPE" => ""
  "REQUEST_METHOD" => "GET"
  "QUERY_STRING" => ""
  "SCRIPT_FILENAME" => "/var/www/corspedia/public/index.php"
  "PATH_INFO" => ""
  "FCGI_ROLE" => "RESPONDER"
  "PHP_SELF" => "/index.php"
  "REQUEST_TIME_FLOAT" => 1750782927.3818
  "REQUEST_TIME" => 1750782927
]

request_cookies

[]

response_headers

  0 of 0   
array:5 [▼
  "content-type" => array:1 [▶
    0 => "text/html; charset=UTF-8"
  ]
  "cache-control" => array:1 [▶
    0 => "no-cache, private"
  ]
  "date" => array:1 [▶
    0 => "Tue, 24 Jun 2025 16:35:27 GMT"
  ]
  "set-cookie" => array:2 [▶
    0 => "XSRF-TOKEN=eyJpdiI6ImxkbU9abUZjQTlWcWxVOE45akdJWEE9PSIsInZhbHVlIjoiSlNvQzNSck1TS0tna21WUWFVSERvaHY0aW9YOFNucUYyMnFPdFEwenJrMGp0ekZQRzd3SHpBb0Z2T0dqM0ZSbG04TENFa28rR0dwY2RaQjJJVGQwajEyTEluMUNBY0gxSDQyWFovSldEN2xTNEg0OE9WVTV0MW1yajdzRXpZVnUiLCJtYWMiOiJmMjMwZGIxOGY5ODU2OGVmYjFlMTE3ZDBlOGU5Zjg1OTMyMDM3NzY2ODM2MDM2ZWJlNWExYTI5NGEzOTQyNjMyIiwidGFnIjoiIn0%3D; expires=Tue, 24 Jun 2025 18:35:28 GMT; Max-Age=7200; path=/; samesite=lax ◀XSRF-TOKEN=eyJpdiI6ImxkbU9abUZjQTlWcWxVOE45akdJWEE9PSIsInZhbHVlIjoiSlNvQzNSck1TS0tna21WUWFVSERvaHY0aW9YOFNucUYyMnFPdFEwenJrMGp0ekZQRzd3SHpBb0Z2T0dqM0ZSbG04TENFa ▶"
    1 => "laravel_session=eyJpdiI6IkFUczFpaTZEaGUxZFd1NFBiNkVMdnc9PSIsInZhbHVlIjoiSlQzTnZ2QVJ2Q29oaDgvazhFeDE4QTFmVno2bmVJeEptT0NEMzNUTElPUDE1QlN1RENaNXJzUk8zd0RyaHRvbkd0NGVsWTBlTTdvc3dlTi9STjlxMlRBUkJWb28xeUxvNHJkMUxYb1JhUU9rWllnUVVWbTFaeTZBZGdTYlR3Q2siLCJtYWMiOiIwYjMyZWYxYzY0MjgwZjI0MmJiMWY4YmE0OTI3NmFlZTEyOWI0MDM0ZWZhNmQ5MDgwMDg0NmVkN2I0ODUwZWZmIiwidGFnIjoiIn0%3D; expires=Tue, 24 Jun 2025 18:35:28 GMT; Max-Age=7200; path=/; httponly; samesite=lax ◀laravel_session=eyJpdiI6IkFUczFpaTZEaGUxZFd1NFBiNkVMdnc9PSIsInZhbHVlIjoiSlQzTnZ2QVJ2Q29oaDgvazhFeDE4QTFmVno2bmVJeEptT0NEMzNUTElPUDE1QlN1RENaNXJzUk8zd0RyaHRvbkd0 ▶"
  ]
  "Set-Cookie" => array:2 [▶
    0 => "XSRF-TOKEN=eyJpdiI6ImxkbU9abUZjQTlWcWxVOE45akdJWEE9PSIsInZhbHVlIjoiSlNvQzNSck1TS0tna21WUWFVSERvaHY0aW9YOFNucUYyMnFPdFEwenJrMGp0ekZQRzd3SHpBb0Z2T0dqM0ZSbG04TENFa28rR0dwY2RaQjJJVGQwajEyTEluMUNBY0gxSDQyWFovSldEN2xTNEg0OE9WVTV0MW1yajdzRXpZVnUiLCJtYWMiOiJmMjMwZGIxOGY5ODU2OGVmYjFlMTE3ZDBlOGU5Zjg1OTMyMDM3NzY2ODM2MDM2ZWJlNWExYTI5NGEzOTQyNjMyIiwidGFnIjoiIn0%3D; expires=Tue, 24-Jun-2025 18:35:28 GMT; path=/ ◀XSRF-TOKEN=eyJpdiI6ImxkbU9abUZjQTlWcWxVOE45akdJWEE9PSIsInZhbHVlIjoiSlNvQzNSck1TS0tna21WUWFVSERvaHY0aW9YOFNucUYyMnFPdFEwenJrMGp0ekZQRzd3SHpBb0Z2T0dqM0ZSbG04TENFa ▶"
    1 => "laravel_session=eyJpdiI6IkFUczFpaTZEaGUxZFd1NFBiNkVMdnc9PSIsInZhbHVlIjoiSlQzTnZ2QVJ2Q29oaDgvazhFeDE4QTFmVno2bmVJeEptT0NEMzNUTElPUDE1QlN1RENaNXJzUk8zd0RyaHRvbkd0NGVsWTBlTTdvc3dlTi9STjlxMlRBUkJWb28xeUxvNHJkMUxYb1JhUU9rWllnUVVWbTFaeTZBZGdTYlR3Q2siLCJtYWMiOiIwYjMyZWYxYzY0MjgwZjI0MmJiMWY4YmE0OTI3NmFlZTEyOWI0MDM0ZWZhNmQ5MDgwMDg0NmVkN2I0ODUwZWZmIiwidGFnIjoiIn0%3D; expires=Tue, 24-Jun-2025 18:35:28 GMT; path=/; httponly ◀laravel_session=eyJpdiI6IkFUczFpaTZEaGUxZFd1NFBiNkVMdnc9PSIsInZhbHVlIjoiSlQzTnZ2QVJ2Q29oaDgvazhFeDE4QTFmVno2bmVJeEptT0NEMzNUTElPUDE1QlN1RENaNXJzUk8zd0RyaHRvbkd0 ▶"
  ]
]

session_attributes

  0 of 0   
array:5 [▼
  "_token" => "OYapjn0muJUYZmODzYajZ8rt89JNAEOQoPVfEQuX"
  "locale" => "ar"
  "_previous" => array:1 [▶
    "url" => "https://www.corspedia.com/ar/%D8%A7%D9%84%D8%AF%D9%88%D8%B1%D8%A7%D8%AA/detect-and-respond-to-cyber-attacks-with-microsoft-365-defender"
  ]
  "_flash" => array:2 [▶
    "old" => []
    "new" => []
  ]
  "PHPDEBUGBAR_STACK_DATA" => []
]