Flash Offer: Get API Red Team Analyst (API-RTA) at only $9, Use Code: WHY49? | |  Introducing Certified Azure Threat Hunter (CAZTH), Enroll Now!

Certified Azure Threat Hunter [CAz-TH]

The Certified Azure Threat Hunter (CAz-TH) course is designed to equip cybersecurity professionals with the skills, methodologies, and practical knowledge required to proactively detect, investigate, and respond to threats across Microsoft Azure and Microsoft 365 environments.

  • Understand cloud threat hunting methodologies and modern detection strategies
  • Analyze Azure attack techniques from a defender’s perspective
  • Investigate identity-based attacks targeting Microsoft Entra ID
  • Detect malicious activities within Azure Resource Manager and Microsoft 365
  • Perform structured threat hunting using Azure telemetry and logs
  • Map attacker behaviors to the MITRE ATT&CK Framework
  • Conduct cloud incident response and remediation activities
  • Operationalize threat hunting through automation and SOAR workflows
Enroll Now
Certified Azure Threat Hunter [CAz-TH]
  • Azure log collection and telemetry analysis
  • Threat hunting using Sign-In Logs, Audit Logs, Activity Logs, and Resource Logs
  • Microsoft Entra ID attack investigations
  • Detection of suspicious authentication and identity abuse activities
  • Investigation of privilege escalation and persistence mechanisms
  • Azure Resource Manager attack investigations
  • Microsoft 365 compromise investigations
  • Unified Audit Log (UAL) analysis and threat detection
  • Threat hunting using the MITRE ATT&CK Framework

Fundamentals of Threat Hunting

  • What is Threat Hunting?
  • Where Threat Hunting Stands in the Organization
  • The Pyramid of Pain
  • Types of Threat Hunting
  • MITRE ATT&CK Framework and Navigator
  • Threat Hunting Maturity Model
  • How to Plan a Threat Hunt

Azure Cloud Fundamentals for Blue Teamers

  • Azure Cloud Architecture Overview
  • Microsoft Entra ID (Azure AD) Fundamentals
  • Fundamentals of Azure Resource Manager (ARM)
  • Microsoft 365 Fundamentals
  • Azure Logging Ecosystem
  • Built-in Security Services in Azure Cloud

Environment Setup & Tooling

  • Deploying and Configuring Splunk for Azure
  • Data Integration: Routing Azure Logs to Splunk

Azure Attack Investigations

  • Entra ID Attack Investigation – Attack Path 1
  • Entra ID Attack Investigation – Attack Path 2
  • ARM Attack Investigation
  • Office 365 Attack Investigation

Operationalising Threat Hunting & Incident Response

  • Containment Strategies for Azure Resources
  • Identity Remediation and Token Revocation
  • Threat Eradication and Persistence Removal
  • Introduction to SOAR and Playbook Automation
DOWNLOAD FULL SYLLABUS

Pre-requisites

The following are the requirements:

  • Basic understanding of cybersecurity concepts
  • Familiarity with cloud computing fundamentals
  • Basic knowledge of Microsoft Azure services
  • Understanding of authentication and identity concepts
  • Familiarity with Active Directory or Microsoft Entra ID
  • Basic understanding of security monitoring and logging
  • Knowledge of SIEM platforms is beneficial but not mandatory
  • Familiarity with MITRE ATT&CK concepts is recommended
  • Experience with Windows and cloud environments is advantageous

Target Audience:

Targeted audience may include the following groups of professionals:

  • Threat Hunters
  • SOC Analysts
  • Security Analysts
  • Incident Responders
  • Detection Engineers
  • Cloud Security Engineers
  • Blue Team Professionals
  • Security Operations Teams
  • Microsoft Security Administrators
  • Cyber Defense Analysts
  • Security Consultants

To earn the CWL Azure Threat Hunter Certificate, participants must:

Premium Version

Certified Azure Threat Hunter [CAz-TH]

$49 $29

Enroll Now

Top features:

  • 6+ Hours HD Videos
  • Lifetime Course Access
  • 15+ Flag-Based Threat Hunting Challenges
  • Unlimited Challenge Attempts
  • 30 Days CAz-TH Exam Lab Access
  • Technical Support

Choose your journey and earn the CWL Verified OCO-AI Certification today

INDIVIDUAL
TEAM ENROLLMENT

F.A.Q

Who is this course designed for?

This course is designed for cybersecurity professionals who want to develop cloud threat hunting and incident response skills within Microsoft Azure environments. It is ideal for:

  • Threat Hunters
  • SOC Analysts
  • Incident Responders
  • Security Analysts
  • Detection Engineers
  • Cloud Security Engineers
  • Blue Team Professionals
  • Security Consultants
Do I need prior Azure experience?

Basic familiarity with cloud computing concepts is recommended. The course begins with Azure fundamentals, Microsoft Entra ID, Azure Resource Manager, and Microsoft 365 before progressing to advanced threat hunting investigations.

What cloud services are covered in this course?

The course focuses on threat hunting and investigations across:

  • Microsoft Entra ID
  • Azure Resource Manager
  • Microsoft 365
  • Azure Logging Services
  • Azure Security Services
What skills will I gain from this course?

By completing the course, participants will gain practical experience in:

  • Azure Threat Hunting
  • Cloud Log Analysis
  • Incident Investigation
  • Microsoft Entra ID Security Monitoring
  • MITRE ATT&CK-Based Hunting
  • Detection Engineering
  • Azure Resource Investigation
  • Microsoft 365 Security Analysis
  • Incident Response and Remediation
  • Security Automation and SOAR
Will this course cover real-world attack investigations?

Yes. Dedicated modules focus on realistic Azure attack paths and investigation scenarios involving compromised identities, Azure resources, and Microsoft 365 environments.

Do I need my own Azure subscription?

A dedicated exam lab environment will be provided for assessment purposes. However, participants are encouraged to maintain their own Microsoft Azure subscription for additional practice and experimentation.

Is the course focused on offense or defense?

This course focuses on defensive security operations, including threat hunting, incident response, attack investigation, and cloud security monitoring.

How long does the course take to complete?

The course typically requires 5 – 10 hours to complete, depending on the learner’s pace and the time spent on practical investigations and labs.

Will I receive a certificate after completing the course?

Yes. Participants who successfully complete the training and pass the practical assessment will earn the Certified Azure Threat Hunter (CAz-TH) Certificate.

Is this course suitable for beginners?

The course is designed for beginner-to-intermediate security professionals. Basic familiarity with cloud platforms, security concepts, and Microsoft technologies is recommended.

How is this course different from general Azure security courses?

Most Azure security courses focus on administration, configuration, and compliance. This course focuses on proactive threat hunting, attack investigations, cloud detection engineering, and incident response, providing practical experience with real-world Azure security operations.

Do you have a refund policy?

CWL follows a strict no-refund policy once course access has been granted.

Have more questions?

If your query isn’t listed here, feel free to contact [email protected].

Team Enrolment Form Details

Fill out the form below, and we will be in touch shortly.