Migrate from Third-Party SIEM to Microsoft Sentinel for a Unified SecOps Experience
Security
Modern SecOps with Unified Platform
Intermediate
Microsoft Sentinel


Transitioning from a third-party SIEM to Microsoft Sentinel unified with Microsoft Defender gives you a single, integrated view across your security estate, reducing complexity, accelerating detection, and shortening response times. In this training you will learn how to plan and execute the migration to the modern unified SOC architecture, connect critical data sources, and use the Unified SecOps features in the Microsoft Defender portal.

12 hours (suggested: 3 days, 4 h/day) | Technical | Project Ready

MS Course ID: 00059

Last Updated: Mar 20, 2026


Prerequisites

Prior hands-on SOC experience

Related Certifications

SC-200

Course Syllabus

Module 1: Unified SOC concepts and principles (60 min, lecture)

• Unified SOC in Microsoft Defender
• Cloud-native SIEM fundamentals
• Microsoft Sentinel now available in the Defender portal
• High-level tenant design principles
• Microsoft Sentinel key features
Module 2: Microsoft Sentinel architecture and data collection (90 min, lecture)

• Modern Sentinel architecture
• Data collection in Microsoft Sentinel
• Microsoft Sentinel Content Hub and Security Store
• Multi-cloud and hybrid environment integration
• Sentinel Data Lake and Log Analytics
Module 3: Planning the architecture and the migration (80 min, lecture)

• Design your Microsoft Sentinel architecture
• Role and permission management
• Sentinel Cost Calculator
• Write queries using Kusto Query Language
• Create threat detection rules
Module 4: Identify, compare, and migrate detection rules, SOAR automation, and data (120 min, lecture)

• The SIEM migration experience
• Migrate detection rules from ArcSight, Splunk, and QRadar
  ◦ Audit rules
  ◦ Migrate rules
  ◦ Compare rule terminology
  ◦ Map and compare rule samples
• Migrate SOAR automation from ArcSight, Splunk, and QRadar
  ◦ Identify SOAR use cases
  ◦ Migrate SOAR workflows
  ◦ Map SOAR components
  ◦ SOAR post-migration best practices
• Migrate historical data from ArcSight, Splunk, and QRadar
Module 5: Updating the processes (50 min, lecture)

• Convert dashboards to workbooks
  ◦ Review dashboards in your current SIEM
  ◦ Prepare for the dashboard conversion
  ◦ Convert dashboards
• Update SOC processes for the Unified SOC
Module 6: Detection, analytics, and threat hunting (150 min, lecture)

• DevOps: CI/CD automation
• Analytics rules
• Enhance detection with the unified engine
• Hunt for threats
• Threat intelligence (unified TI management)
• Exploring Microsoft Sentinel Graph (Preview)
• User and Entity Behavior Analytics (UEBA)
Module 7: Automation, incident management, and SOC operations (90 min, lecture)

• Using playbooks and automation rules
• Investigating incidents in unified case management
• Using watchlists
• Transitioning the Microsoft Sentinel environment to the Defender portal
• Streamlining the SOC with a unified experience
• Security Copilot, MCP server (Preview), and the AI-driven SOC
• Demonstration: unified SIEM + XDR platform
• Multi-customer / MSSP management after migration

What You'll Learn

Understand core concepts and best practices
Hands-on experience with real-world scenarios
Learn from certified Microsoft experts
Prepare for relevant certifications
Access to lab environments
Post-training support and resources

Course Details

Duration: 12 hours
Level: Intermediate
Role: Technical
Course Type: Project Ready
Partner Segment: SMB, Enterprise
Course Stage: Available
Hands-on Labs: No

Partner Skilling Catalog


© 2026 Technofocus. All rights reserved.

Sponsored by Microsoft Partner Enablement