MEAPSA

Query logs in Microsoft Sentinel

As a Security Operations Analyst, you must understand the tables, fields, and data ingested in your workspace. Learn how to query the most used data tables in Microsoft Sentinel.

Security Operations Analyst

Azure

Module Objectives

Upon completion of this module, the learner will be able to:

Use the Logs page to view data tables in Microsoft Sentinel
Query the most used tables using Microsoft Sentinel

Units

Introduction min
Query logs in the logs page min
Understand Microsoft Sentinel tables min
Understand common tables min
Understand Microsoft Defender XDR tables min
Knowledge check min
Summary and resources min

Prerequisites

Basic knowledge of operational concepts such as monitoring, logging, and alerting