soc30 / lms
connected
back to day 15
WEEK_3 · DAY_15 · LAB

Lab 15 — Plan Roles & Indexes

Roles, indexes, deployment server, monitoring console, license

LAB PROGRESS0/4 steps · 0%

Lab Objectives

  • Manage users, roles, capabilities
  • Plan and create indexes with retention
  • Push apps via Deployment Server
  • Use Monitoring Console for health

Lab Instructions

  1. 1
    Define roles: t1, t2, t3, soc_manager, ir_lead.
  2. 2
    Map capabilities and srchIndexesAllowed for each.
  3. 3
    Plan 5 indexes with retention (wineventlog 90d, sysmon 60d, network 30d, email 180d, notable 365d).
  4. 4
    Document a Deployment Server serverclass for Windows endpoints.
← LAB 14
Lab 14 — Author a Scheduled Alert
LAB 16
Lab 16 — Validate CIM Compliance