
Microsoft

Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Microsoft via Microsoft Learn

Overview

  • Construct KQL statements for Microsoft Sentinel

    Upon completion of this module, the learner will be able to:

    • Construct KQL statements
    • Search log files for security events using KQL
    • Filter searches based on event time, severity, domain, and other relevant data using KQL
  • Analyze query results using KQL

    Upon completion of this module, the learner will be able to:

    • Summarize data using KQL statements
    • Render visualizations using KQL statements
  • Build multi-table statements using KQL

    Upon completion of this module, the learner will be able to:

    • Create queries using unions to view results across multiple tables using KQL
    • Merge two tables with the join operator using KQL
  • Work with data in Microsoft Sentinel using Kusto Query Language

    Upon completion of this module, the learner will be able to:

    • Extract data from unstructured string fields using KQL
    • Extract data from structured string data using KQL
    • Create functions using KQL
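The outcomes above map onto a handful of KQL operators. The following query is an added example written for this listing, not code from the Microsoft Learn module: it strings together let, where, extend, project, union, summarize, order by and render to count failed logons per source IP per hour across Windows hosts and Microsoft Entra ID sign-ins. It assumes the standard Sentinel SecurityEvent and SigninLogs tables with their documented column names; the lookback window and the 20-attempt threshold are arbitrary choices for illustration.

```kql
// Added example; not part of the Microsoft Learn module.
// Assumed tables: SecurityEvent (Windows Security log) and SigninLogs (Entra ID sign-ins).
// Assumed tuning values: 1d lookback, 20 failures per hour as the noise threshold.
let lookback = 1d;
let threshold = 20;
// Module 1: let, where, extend, project. Filter by time and event, then reshape the rows.
let HostFailures =
    SecurityEvent
    | where TimeGenerated > ago(lookback)
    | where EventID == 4625                          // "An account failed to log on"
    | where Account !endswith "$"                    // drop machine accounts
    | extend LogonKind = case(LogonType == 3,  "Network",
                              LogonType == 10, "RemoteInteractive",
                              "Other")
    | project TimeGenerated, SrcIp = IpAddress, Account, Target = Computer,
              Detail = LogonKind, Source = "host";
// Module 3: union needs a common shape, so cloud failures are projected to the same columns.
let CloudFailures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"                        // ResultType "0" is a successful sign-in
    | project TimeGenerated, SrcIp = IPAddress, Account = UserPrincipalName,
              Target = AppDisplayName, Detail = ResultDescription, Source = "cloud";
// Module 2: summarize per source IP per hour, keep only the noisy ones, sort, then chart.
union HostFailures, CloudFailures
| summarize Attempts = count(),
            Accounts = dcount(Account),
            Sources  = make_set(Source)
          by SrcIp, Hour = bin(TimeGenerated, 1h)
| where Attempts >= threshold
| order by Attempts desc
| render columnchart with (xcolumn = Hour, ycolumns = Attempts, series = SrcIp)
```

Run it in the Sentinel Logs blade; to inspect the rows instead of the chart, drop the final render line. The union is deliberately done before the summarize so that one IP spraying both on-premises hosts and cloud accounts shows up as a single series with Sources = ["host","cloud"].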

Syllabus

  • Construct KQL statements for Microsoft Sentinel
    • Introduction
    • Understand the Kusto Query Language statement structure
    • Use the search operator
    • Use the where operator
    • Use the let statement
    • Use the extend operator
    • Use the order by operator
    • Use the project operators
    • Module assessment
    • Summary and resources
  • Analyze query results using KQL
    • Introduction
    • Use the summarize operator
    • Use the summarize operator to filter results
    • Use the summarize operator to prepare data
    • Use the render operator to create visualizations
    • Module assessment
    • Summary and resources
  • Build multi-table statements using KQL
    • Introduction
    • Use the union operator
    • Use the join operator
    • Module assessment
    • Summary and resources
  • Work with data in Microsoft Sentinel using Kusto Query Language
    • Introduction
    • Extract data from unstructured string fields
    • Extract data from structured string data
    • Integrate external data
    • Create parsers with functions
    • Module assessment
    • Summary and resources
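The last two modules cover parsing and joining. The query below is an added example for this listing, not code from the Microsoft Learn module: it wraps a parse of unstructured sshd messages in a let-bound function (the same body Sentinel would store as a workspace function), pulls a field out of the structured JSON in SigninLogs, and joins the two result sets on source IP. It assumes the standard Syslog and SigninLogs tables with their documented columns and the stock OpenSSH "Failed password" message format; the lookback window is arbitrary.

```kql
// Added example; not part of the Microsoft Learn module.
// Assumed tables: Syslog (Linux auth messages) and SigninLogs (Entra ID sign-ins).
// Assumed message format: OpenSSH "Failed password for [invalid user ]<user> from <ip> port <n> ssh2".
let lookback = 1d;
// Module 4: a parser as a function. The tabular parameter declares the columns the body reads;
// in Sentinel this body would be saved as a workspace function and called the same way.
let ParseSshdFailures = (T:(TimeGenerated:datetime, HostName:string, SyslogMessage:string)) {
    T
    | parse SyslogMessage with * "Failed password for " RawUser " from " SrcIp " port " SrcPort:int " ssh2"
    | extend InvalidUser = RawUser startswith "invalid user "     // sshd prefixes unknown accounts
    | extend User = trim_start("invalid user ", RawUser)
    | project TimeGenerated, HostName, User, InvalidUser, SrcIp, SrcPort
};
let SshFailures =
    Syslog
    | where TimeGenerated > ago(lookback)
    | where ProcessName == "sshd" and SyslogMessage has "Failed password"
    | invoke ParseSshdFailures()
    | summarize HostAttempts = count(),
                HostUsers    = make_set(User, 20),
                GuessedUsers = countif(InvalidUser)
              by SrcIp;
// Module 4: structured data. LocationDetails is JSON; parse_json exposes its members.
let CloudFailures =
    SigninLogs
    | where TimeGenerated > ago(lookback) and ResultType != "0"
    | extend Country = tostring(parse_json(LocationDetails).countryOrRegion)
    | summarize CloudAttempts = count(),
                Countries    = make_set(Country, 5)
              by SrcIp = IPAddress;
// Module 3: join on the shared key. kind=inner keeps only IPs that failed against both.
SshFailures
| join kind=inner CloudFailures on SrcIp
| project SrcIp, HostAttempts, CloudAttempts, GuessedUsers, HostUsers, Countries
| order by HostAttempts + CloudAttempts desc
```

The join key must have the same name and type on both sides, which is why CloudFailures renames IPAddress to SrcIp in its summarize. Switch to kind=leftouter on SshFailures if you want every SSH brute-force source listed with null cloud columns where there was no matching sign-in failure.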
