MEAPSA

Data normalization in Microsoft Sentinel

By the end of this module, you'll be able to use ASIM parsers to identify threats inside your organization.

Security Operations Analyst

Azure

Microsoft Sentinel

Module Objectives

After completing this module, you will be able to:

Use ASIM Parsers
Create ASIM Parser
Create parameterized KQL functions

Units

Introduction min
Understand data normalization min
Use ASIM Parsers min
Understand parameterized KQL functions min
Create an ASIM Parser min
Configure Azure Monitor Data Collection Rules min
Knowledge check min
Summary and resources min

Prerequisites

Basic knowledge of Kusto Query Language (KQL).