# Microsoft Security Labs ☁️🛡️
Project maintained by GiBoris
This repository contains hands-on labs focused on the Microsoft security ecosystem, covering:
- Microsoft Entra ID (Identity & Access Management)
- Microsoft Defender for Endpoint (EDR)
- Microsoft Sentinel (SIEM)
- KQL (Threat Hunting & Detection)
- Detection Engineering & Incident Response
Each lab demonstrates practical, job-relevant skills aligned with SOC / Cybersecurity Analyst roles.
## Labs
### ✅ Lab 01 — Azure & Entra ID Setup + Investigation
Focus:
- Azure environment setup and cost management
- Identity and access configuration
- Initial investigation using Microsoft security tools
➡️ Open Lab
### ✅ Lab 02 — Microsoft Defender for Endpoint
Focus:
- Endpoint onboarding and device discovery
- Alert generation and incident correlation
- Investigation using Defender XDR
➡️ Open Lab
### ✅ Lab 03 — Microsoft Sentinel Configuration & Data Connectors
Focus:
- SIEM deployment in Azure
- Data connectors (Windows, Linux, Azure, Defender)
- Log ingestion and data collection rules
➡️ Open Lab
### ✅ Lab 04 — KQL Queries for Microsoft Sentinel
Focus:
- Log analysis and filtering
- Threat hunting queries
- Detection logic development
- Data visualisation
➡️ Open Lab
### ✅ Lab 05 — Detections & Incident Response in Sentinel
Focus:
- Detection rule creation
- Playbooks and SOAR automation
- UEBA integration
- Incident investigation workflow
➡️ Open Lab
## What this portfolio demonstrates
- End-to-end Microsoft security ecosystem understanding
- Practical SIEM (Sentinel) and EDR (Defender) experience
- Threat hunting using KQL
- Detection engineering and incident response workflows
- Hands-on SOC-level investigation skills
## Notes
- Each lab contains:
  - `index.md` → web-friendly overview
  - `README.md` → full detailed documentation
- Screenshots are stored in the `Images/` folder within each lab
## Disclaimer
All labs are performed in isolated, non-production environments using simulated data.