During Microsoft Ignite in November 2021, Azure Sentinel is now called Microsoft Sentinel. They’ve also renamed Azure Security Center and Azure Defender to Microsoft Defender for Cloud.
In this article, we will share with you how to prepare and pass the Microsoft Sentinel Ninja Training.
Table of Contents
Introduction
Microsoft Sentinel is a cloud-native Security Information Event Management (SIEM) and Security Orchestration Automated Response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
A quick example, a SIEM has the ability to correlate events from one or more devices to provide additional detail about an incident. For instance, an attacker performing a brute-force password attack on a web server may be generating alerts on the web server itself and also on the firewall and intrusion detection system. A SIEM would portray the incident using events from these and possibly other devices to give you a richer depiction of the incident.
As of August 23rd, 2021, the Microsoft Sentinel team has announced that in addition to preparing and becoming a Microsoft Sentinel Ninja, you can take a knowledge check and request a certificate of completion if you score 80% or more.
Microsoft Sentinel Ninja Training
The Microsoft Sentinel Ninja training lists many technical resources, organized in a format that can help you go from absolutely no knowledge in Sentinel to designing and implementing different scenarios.
The Ninja training program includes 16 modules. It includes a presentation for each module with a recording published on YouTube when available, it also supports information relevant to product documentation, blog posts, and other resources.
Every month, the Microsoft Sentinel team is adding new updates to the study guide, and you can track it by checking the date besides the topic. If you have already studied all the modules and you are ready for the knowledge check, follow the steps below:
Knowledge Check
The knowledge measure for Microsoft Sentinel consists of 30 multiple-choice questions.
I’ve just taken the test myself and I am so happy and grateful now that I passed it the first time with a high passing score of 27/30 without any additional preparation. I work with Microsoft Sentinel on regular basis.
You need 80% or 24 points at least to pass this knowledge check. I missed three questions. The good news is, that the knowledge check will show you the correct answers after you submit the quiz, so you can understand better the right answers.
To get started, check out the Microsoft Sentinel Ninja training page. If you have already studied all the modules and are ready for the knowledge check, please go to the direct link here: knowledge check.
Please do not take the knowledge check lightly, some questions are difficult to answer. You can expect some Kusto Query Language (KQL) questions, you have plenty of time to answer the questions, with no time limit.
Once you pass, you’ll be able to request the self-attestation by filling out the form on this page. Please note that it will take one business day to receive the certificate in your inbox similar to the one below. It makes a nice addition to your list of certifications and accomplishments on LinkedIn.
Please note that this is not an “official” certification, but (as a tip) the effort looks good if you place the certificate as shown in the image below with your current work experience.
This shows a record of your impact and is useful for keeping track of your efforts for those annual awards discussions with your manager.
Last but not least, I want to thank the entire Microsoft Sentinel team who prepared the Ninja Training and the Knowledge Check.
> Are you interested to become a Microsoft Defender for Cloud (formerly known as Azure Security Center / Azure Defender) Ninja? Check out the following step-by-step guide.
All the best,
__
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.
-Charbel Nemnom-
