Analyze query results using KQL

Learn how to summarize and visualize data with a KQL statement provides the foundation to build detections in Microsoft Sentinel.

Security Operations Analyst

Azure

Log Analytics

Microsoft Sentinel

Module Objectives

Upon completion of this module, the learner will be able to:

Summarize data using KQL statements
Render visualizations using KQL statements

Units

Introduction min
Use the summarize operator min
Use the summarize operator to filter results min
Use the summarize operator to prepare data min
Use the render operator to create visualizations min
Knowledge check min
Summary and resources min

Prerequisites

Familiarity with security operations in an organization.
Basic experience with Azure services.