Course Overview
Course Description
The purpose of this course is to teach the tasks required of a Sentinel 8 Administrator. Students will be able to describe the architecture, install collectors that capture events from various event sources, detect anomalies, and run reports based on those collected events. This course covers the administration information and tasks required to manage a Sentinel deployment. After completing this course, students should be able to install and configure Sentinel 7 and collect events from various event sources. Students should also be able to perform tasks related to security intelligence, data storage, and event searching and reporting.
Topics covered in this course include the following:
- Introduction to Sentinel
- Installing Sentinel
- Active Views and Event Views
- Setting up Roles and Users
- Storage
- Event Source Management
- Searching and Reporting
- Multitenancy
- Correlations
- Taking Action on Events
- Incident Response
- Adding Event Context
- Alerts
- Security Intelligence
- Scalable Storage