SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Write Kusto Query Language (KQL) statements to query log data for detections, analysis, and reporting in Microsoft Sentinel. This learning path focuses on the most commonly used operators, and the example KQL statements demonstrate queries against security-related tables.

Prerequisites

Basic understanding of scripting concepts.

Security Operations Analyst
Azure
Microsoft Sentinel

Related Modules

Construct KQL statements for Microsoft Sentinel
Module, Intermediate, MS Learn (Azure, Data Explorer)

Analyze query results using KQL
Module, Intermediate, MS Learn (Azure, Log Analytics)

Build multi-table statements using KQL
Module, Intermediate, MS Learn (Azure, Log Analytics)

Work with data in Microsoft Sentinel using Kusto Query Language
Module, Intermediate, MS Learn (Azure, Log Analytics)