IRC234 - Cloud Series 5-Days In-Person - JUNE 22

#1736529: IRC234 - Cloud Series 5-Days In-Person - JUNE 22 - 26, 2026

Description:	This five-day, in-person course provides SOC analysts and cloud security professionals with hands-on experience detecting, investigating, and responding to incidents in Azure environments. Participants explore how cloud identity, storage, networking, and logging differ from on-prem systems, and apply real-world incident response techniques across a live cloud tenant. Through guided labs, learners use Microsoft Defender for Cloud, Microsoft Sentinel, Log Analytics, PowerShell, and Kusto Query Language (KQL) to detect adversary behavior, analyze cloud telemetry, and investigate suspicious activity. The course progresses from foundational concepts to advanced techniques, including threat hunting, detection engineering, and the use of Azure Policy for scalable security and governance. By the end of the course, participants will be able to identify misconfigurations, trace attacker activity, correlate signals across cloud services, and coordinate effective response actions in a dynamic cloud environment. Learning Objectives (5-Day In-person IR Cloud Course) By the end of this course, you will be able to: -Explain the cloud shared responsibility model and differences from on-prem incident response -Identify and interpret key cloud telemetry sources (e.g., Activity Logs, Defender for Cloud, Sentinel) -Recognize cloud attack surfaces, misconfigurations, and threat vectors -Detect and analyze attacker behaviors in Azure using --Defender, Log Analytics, and Sentinel -Identify credential access, lateral movement, and persistence mapped to MITRE ATT&CK -Perform alert triage and correlate signals across cloud data sources -Use KQL to hunt for threats and develop tuned detection rules -Investigate persistent attacker activity across cloud services and identities -Execute and coordinate containment and response using Sentinel, Defender, and automation workflows
More info:	https://cisa.webex.com/webappng/sites/cisa/webinar/webinarSeries/register/ce83725c056b4ed0a9d3aa2290876b33

Description:

This five-day, in-person course provides SOC analysts and cloud security professionals with hands-on experience detecting, investigating, and responding to incidents in Azure environments. Participants explore how cloud identity, storage, networking, and logging differ from on-prem systems, and apply real-world incident response techniques across a live cloud tenant.

Through guided labs, learners use Microsoft Defender for Cloud, Microsoft Sentinel, Log Analytics, PowerShell, and Kusto Query Language (KQL) to detect adversary behavior, analyze cloud telemetry, and investigate suspicious activity. The course progresses from foundational concepts to advanced techniques, including threat hunting, detection engineering, and the use of Azure Policy for scalable security and governance.

By the end of the course, participants will be able to identify misconfigurations, trace attacker activity, correlate signals across cloud services, and coordinate effective response actions in a dynamic cloud environment.

Learning Objectives (5-Day In-person IR Cloud Course)
By the end of this course, you will be able to:

-Explain the cloud shared responsibility model and differences from on-prem incident response
-Identify and interpret key cloud telemetry sources (e.g., Activity Logs, Defender for Cloud, Sentinel)
-Recognize cloud attack surfaces, misconfigurations, and threat vectors
-Detect and analyze attacker behaviors in Azure using --Defender, Log Analytics, and Sentinel
-Identify credential access, lateral movement, and persistence mapped to MITRE ATT&CK
-Perform alert triage and correlate signals across cloud data sources
-Use KQL to hunt for threats and develop tuned detection rules
-Investigate persistent attacker activity across cloud services and identities
-Execute and coordinate containment and response using Sentinel, Defender, and automation workflows

More info:

https://cisa.webex.com/webappng/sites/cisa/webinar/webinarSeries/register/ce83725c056b4ed0a9d3aa2290876b33

Date added	May 8, 2026, 2:20 p.m.
Source	Webex
Subjects	Cloud Security PodCasts / Webcast / Webinar / eSummit / Virtual Event etc.
Venue	June 22, 2026, midnight - May 26, 2026, midnight