SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Created By
Microsoft via Microsoft Learn
- 0
- 2-3 hours worth of material
- Microsoft Learn
- English
Course Overview
- Module 1: Construct KQL statements for Microsoft Sentinel
- Construct KQL statements
- Search log files for security events using KQL
- Filter searches based on event time, severity, domain, and other relevant data using KQL
- Module 2: Analyze query results using KQL
- Summarize data using KQL statements
- Render visualizations using KQL statements
- Module 3: Build multi-table statements using KQL
- Create queries using unions to view results across multiple tables using KQL
- Merge two tables with the join operator using KQL
- Module 4: Work with data in Microsoft Sentinel using Kusto Query Language
- Extract data from unstructured string fields using KQL
- Extract data from structured string data using KQL
- Create Functions using KQL
Upon completion of this module, the learner will be able to:
Upon completion of this module, the learner will be able to:
Upon completion of this module, the learner will be able to:
Upon completion of this module, the learner will be able to:
Course Circullum
- Module 1: Construct KQL statements for Microsoft Sentinel
- Introduction
- Understand the Kusto Query Language statement structure
- Use the let statement
- Use the search operator
- Use the where operator
- Use the extend operator
- Use the order by operator
- Use the project operators
- Knowledge check
- Summary and resources
- Module 2: Analyze query results using KQL
- Introduction
- Use the summarize operator
- Use the summarize operator to filter results
- Use the summarize operator to prepare data
- Use the render operator to create visualizations
- Knowledge check
- Summary and resources
- Module 3: Build multi-table statements using KQL
- Introduction
- Use the union operator
- Use the join operator
- Knowledge check
- Summary and resources
- Module 4: Work with data in Microsoft Sentinel using Kusto Query Language
- Introduction
- Extract data from unstructured string fields
- Extract data from structured string data
- Integrate external data
- Create parsers with functions
- Knowledge check
- Summary and resources
Item Reviews - 3
Submit Reviews
This Course Include:
- Module 1: Construct KQL statements for Microsoft Sentinel
- Introduction
- Understand the Kusto Query Language statement structure
- Use the let statement
- Use the search operator
- Use the where operator
- Use the extend operator
- Use the order by operator
- Use the project operators
- Knowledge check
- Summary and resources
- Module 2: Analyze query results using KQL
- Introduction
- Use the summarize operator
- Use the summarize operator to filter results
- Use the summarize operator to prepare data
- Use the render operator to create visualizations
- Knowledge check
- Summary and resources
- Module 3: Build multi-table statements using KQL
- Introduction
- Use the union operator
- Use the join operator
- Knowledge check
- Summary and resources
- Module 4: Work with data in Microsoft Sentinel using Kusto Query Language
- Introduction
- Extract data from unstructured string fields
- Extract data from structured string data
- Integrate external data
- Create parsers with functions
- Knowledge check
- Summary and resources
- Provider:Microsoft Learn
- Certificate:Not Avalible
- Language:English
- Duration:2-3 hours worth of material
- Language CC: