Learn your way! Get started

SC-200 Microsoft Security Operations Analyst, Part 9 of 9: Microsoft Sentinel Threat Hunting

with expert Cristian Calinescu

Watch trailer

Course at a glance

Included in these subscriptions:

  • Dev & IT Pro Video
  • Dev & IT Pro Power Pack

Release date 3/25/2022
Level Advanced
Runtime 0h 31m
Closed captioning N/A
Transcript N/A
eBooks / courseware N/A
Hands-on labs N/A
Sample code Included
Exams Included

Enterprise Solutions

Need reporting, custom learning tracks, or SCORM? Learn More

Course description

The SC-200 Microsoft Security Operations Analyst exam measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender (25-30%); mitigate threats using Microsoft Defender for Cloud (25-30%); and mitigate threats using Microsoft Sentinel (40-45%) . This course covers Threat hunting in Microsoft Sentinel.


Basic understanding of Microsoft 365, environment, security, compliance and identity products. Windows 10/11 familiarity wit Azure services, DB, Storage basic understanding of Scripting concepts

Meet the expert

Cristian Calinescu is a Microsoft certified Azure Solutions Architect Expert, Senior Infrastructure Engineer and Infrastructure Security Operations Manager.

Course outline

Module 12

Threat Hunting Concepts in Microsoft Sentinel (31:26)
  • Introduction (00:08)
  • Threat Hunting Concepts in Microsoft Sentinel (01:04)
  • Cybersecurity Threat Hunting (04:30)
  • Develop Threat Hunting Hypothesis (03:58)
  • Threat Hunting with Microsoft Sentinel (00:27)
  • Hunt Using Built-in Queries (01:41)
  • Demo: Quries (05:06)
  • Observe Threats Over TIme (01:55)
  • Demo: Observe Threats (01:37)
  • Notebooks in Microsoft Sentinel (00:27)
  • Hunt with Notebooks (05:02)
  • Create a Notebook (01:28)
  • Demo: Create Notebook (00:54)
  • Explore Notebook (02:56)
  • Summary (00:08)