From the course: Microsoft Security Operations Analyst Associate (SC-200) Exam Tips

What are XDR, SIEM, and SOAR?

- [Instructor] It's important to define a few terms before moving into this course. These terms are extended detection and response, security information and event management, and security orchestration and automated response. These are also known by the acronyms XDR, SIEM, and SOAR.

XDR has become a commonly used term for how to provide continuous detection and response to threats and addressing vulnerabilities within an IT environment. Microsoft has created a full set of XDR solutions for IaaS, PaaS, and SaaS solutions with Microsoft Defender for Cloud and Microsoft 365 Defender. These combined solutions provide security posture management, threat and vulnerability detection and response, and governance of resources across Azure, Microsoft 365, hybrid, and multi-cloud infrastructures of companies. Beyond the capabilities of XDR is the ability to use this information for threat hunting and incident response. Microsoft Defender solutions can provide logs, events, and data to SIEM and SOAR solutions. This includes Microsoft Sentinel and other third-party solutions.

A SIEM is a solution within a security operation center that gathers logs and events from various appliances and software within an information technology infrastructure. These SIEM solutions then review the logs and events for potential threats by searching for behavior that is not typical to best practices or may be seen as anomalous or atypical.

A SOAR solution is a complementary solution to a SIEM. SOAR solutions can add automation to the response of potential events identified as threats in the log files by initiating a workflow. An example of this would be an activity log from a device that has been accessed from a location that has been flagged as a threat. The SOAR can initiate a workflow to take that device offline and send an alert to the security operations response team to investigate.

The combination of Microsoft 365 Defender, Microsoft Defender for Cloud, and Microsoft Sentinel creates a combined cloud-native set of solutions for XDR, SIEM, and SOAR for full threat detection and response along with security operations for advanced vulnerability and threat hunting, identification, and incident response. This course will provide you with an understanding of each of these solutions and their capabilities as you prepare for the SC-200 Security Operations Analyst Associate exam.
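The SOAR workflow the instructor describes (a sign-in from a flagged location leads to the device being taken offline and the SOC being alerted), written out as an added illustration that is not part of the course; the flagged networks, the activity log events, and the `run_playbook` function are all constructed sample data and hypothetical names, and the "isolate" action is only recorded, not sent to any real endpoint.

```python
"""Minimal SOAR-style playbook over a constructed activity log."""
import ipaddress
from dataclasses import dataclass, field

# Constructed sample: source networks the SOC has flagged as threats
# (RFC 5737 documentation ranges, not real attacker infrastructure).
FLAGGED_NETWORKS = [ipaddress.ip_network(n)
                    for n in ("203.0.113.0/24", "198.51.100.0/24")]

# Constructed sample activity log: device, user and sign-in source address.
SAMPLE_EVENTS = [
    {"device": "LAPTOP-01", "user": "alice", "source_ip": "192.0.2.10"},
    {"device": "LAPTOP-07", "user": "bob", "source_ip": "203.0.113.45"},
    {"device": "LAPTOP-07", "user": "bob", "source_ip": "203.0.113.46"},
    {"device": "SRV-DB-02", "user": "svc_backup", "source_ip": "198.51.100.9"},
]


@dataclass
class PlaybookResult:
    """What the playbook decided: devices to take offline and SOC alerts."""
    isolated_devices: set = field(default_factory=set)
    alerts: list = field(default_factory=list)


def is_flagged(source_ip: str) -> bool:
    """Detection step (the SIEM's job): did the sign-in come from a flagged network?"""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in FLAGGED_NETWORKS)


def run_playbook(events) -> PlaybookResult:
    """Orchestration step (the SOAR's job): isolate each affected device once
    and raise one alert per flagged event for the response team to investigate."""
    result = PlaybookResult()
    for ev in events:
        if not is_flagged(ev["source_ip"]):
            continue
        # "Take that device offline": recorded once even if it appears in several events.
        result.isolated_devices.add(ev["device"])
        result.alerts.append(
            f"{ev['user']} signed in to {ev['device']} "
            f"from flagged source {ev['source_ip']}")
    return result


if __name__ == "__main__":
    r = run_playbook(SAMPLE_EVENTS)
    print("Isolated:", sorted(r.isolated_devices))
    for a in r.alerts:
        print("ALERT:", a)
```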