MEAPSA

Work with data in Microsoft Sentinel using Kusto Query Language

Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources.

Security Operations Analyst

Azure

Log Analytics

Microsoft Sentinel

Module Objectives

Upon completion of this module, the learner will be able to:

Extract data from unstructured string fields using KQL
Extract data from structured string data using KQL
Create Functions using KQL

Units

Introduction min
Extract data from unstructured string fields min
Extract data from structured string data min
Integrate external data min
Create parsers with functions min
Knowledge check min
Summary and resources min