MEAPSA

Use watchlists in Microsoft Sentinel

Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.

Security Operations Analyst

Azure

Microsoft Sentinel

Module Objectives

Upon completion of this module, the learner will be able to:

Create a watchlist in Microsoft Sentinel
Use KQL to access the watchlist in Microsoft Sentinel

Units

Introduction min
Plan for watchlists min
Create a watchlist min
Manage watchlists min
Knowledge check min
Summary and resources min