---
url: "https://xcademia.com/courses/microsoft-sentinel-specialist"
title: Microsoft Sentinel Specialist
description: "Learn Microsoft Sentinel with KQL, analytics rules, automation playbooks, and threat intelligence in hands-on SOC scenarios."
publishedAt: "2026-03-21T09:43:16.255104+00:00"
updatedAt: "2026-03-30T22:50:53.7265+00:00"
type: course
code: "CYB-0102"
level: Practitioner
duration_days: "3"
track: "SOC Analyst & Threat Hunting"
category: "Cybersecurity & Ethical Hacking"
credential_tier: tier1
price_gbp: "1999"
---

# Microsoft Sentinel Specialist

> Deploy and operate Microsoft Sentinel with KQL, analytics rules, and automation playbooks. Learn through mentor-led SOC scenarios with threat intelligence and real-world investigations.

## Overview

Microsoft Sentinel Specialist equips professionals with the skills to deploy and operate a cloud-native SIEM and SOAR platform using Microsoft Sentinel. The course focuses on real-world SOC use cases including log ingestion, detection engineering, and automated response.

Through mentor-led sessions and hands-on labs, learners will write KQL queries, configure analytics rules, build workbooks, and integrate threat intelligence feeds. The programme also explores automation playbooks to streamline incident response and reduce manual effort.

By the end of the course, participants will be able to manage security operations using Sentinel, detect and investigate threats, and automate response workflows. This course is ideal for professionals working in modern cloud-based SOC environments.

## Prerequisites

- Basic understanding of cybersecurity concepts
- Familiarity with cloud platforms (Azure preferred)
- Basic knowledge of logs and monitoring

## What you will learn

- Deploy and configure Microsoft Sentinel
- Write and optimise KQL queries
- Implement analytics rules and alerts
- Automate response with playbooks
- Integrate threat intelligence feeds
- Investigate and respond to incidents

## Skills you will gain

- Microsoft Sentinel deployment
- KQL querying
- SIEM and SOAR operations
- Detection engineering
- Threat intelligence integration
- Incident investigation

## Career progression

- SOC Analyst
- Security Engineer
- Cloud Security Analyst
- Threat Hunter
- Incident Responder

## Curriculum

1. **Module 1: Getting Ready**
   - Course orientation and Sentinel overview
   - Lab environment setup
   - Introduction to cloud SIEM concepts
2. **Module 2: Deploying Microsoft Sentinel**
   - Workspace setup and onboarding
   - Connecting data sources
   - Data connectors and ingestion
3. **Module 3: KQL for Security Analysis**
   - KQL fundamentals
   - Querying logs and events
   - Building reusable queries
4. **Module 4: Analytics Rules and Detection**
   - Creating analytics rules
   - Alert tuning and thresholds
   - Reducing false positives
5. **Module 5: Workbooks and Visualisation**
   - Building dashboards and reports
   - Monitoring security posture
   - Custom visualisations
6. **Module 6: Automation and Playbooks (SOAR)**
   - Creating playbooks with Logic Apps
   - Automating incident response
   - Integrating external systems
7. **Module 7: Threat Intelligence Integration**
   - Adding threat intelligence feeds
   - Correlating indicators
   - Enhancing detections
8. **Module 8: Incident Investigation and Response**
   - Investigating alerts and incidents
   - Entity behaviour analysis
   - Incident documentation
9. **Module 9: AI in Sentinel**
   - AI-assisted threat detection
   - Automated triage and insights
   - Risks and limitations of AI in SOC

## Exam & certification

You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.

## Delivery options

- **Live Online** — Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
- **Onsite Training** — We come to you. Training delivered at your workplace for teams of 6 or more.
- **Venue-Based** — Classroom training at a professional venue. Ideal for focused, immersive learning.
- **Blended** — Combine online and in-person learning for maximum flexibility and impact.

## Frequently asked questions

**What is Microsoft Sentinel?**

It is a cloud-native SIEM and SOAR platform for security operations.

**Will I learn KQL?**

Yes, KQL is a core part of the course.

**Is this course hands-on?**

Yes, it includes practical labs and real SOC scenarios.

**Does it cover automation?**

Yes, including playbooks and automated response.

**Will I receive a certificate?**

Yes, you will receive a Certificate of Achievement after completion.

## Course at a glance

| Field | Value |
| --- | --- |
| Code | CYB-0102 |
| Duration | 3 days |
| Level | Practitioner |
| Track | SOC Analyst & Threat Hunting |
| Category | Cybersecurity & Ethical Hacking |
| Credential tier | tier1 |
| Price (GBP) | £1999 |

---

## About this content

This Markdown course profile is the citation-grade twin of [Microsoft Sentinel Specialist](https://xcademia.com/courses/microsoft-sentinel-specialist). It is published by **Xcademia** (UK Companies House 12322710) and is available for AI search engines and large language models to index, summarise, and cite.

When citing or quoting, please attribute *Xcademia* and link back to the source URL above.

- Source: https://xcademia.com/courses/microsoft-sentinel-specialist
- Publisher: Xcademia — https://xcademia.com
- Catalogue index: https://xcademia.com/llms-full.txt
