SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Description

Module 1: Construct KQL statements for Microsoft Sentinel
Upon completion of this module, the learner will be able to:
- Construct KQL statements
- Search log files for security events using KQL
- Filter searches based on event time, severity, domain, and other relevant data using KQL

Module 2: Analyze query results using KQL
Upon completion of this module, the learner will be able to:
- Summarize data using KQL statements
- Render visualizations using KQL statements

Module 3: Build multi-table statements using KQL
Upon completion of this module, the learner will be able to:
- Create queries using unions to view results across multiple tables using KQL
- Merge two tables with the join operator using KQL

Module 4: Work with data in Microsoft Sentinel using Kusto Query Language
Upon completion of this module, the learner will be able to:
- Extract data from unstructured string fields using KQL
- Extract data from structured string data using KQL
- Create functions using KQL

Syllabus

Module 1: Construct KQL statements for Microsoft Sentinel
- Introduction
- Understand the Kusto Query Language statement structure
- Use the let statement
- Use the search operator
- Use the where operator
- Use the extend operator
- Use the order by operator
- Use the project operators
- Knowledge check
- Summary and resources

Module 2: Analyze query results using KQL
- Introduction
- Use the summarize operator
- Use the summarize operator to filter results
- Use the summarize operator to prepare data
- Use the render operator to create visualizations
- Knowledge check
- Summary and resources

Module 3: Build multi-table statements using KQL
- Introduction
- Use the union operator
- Use the join operator
- Knowledge check
- Summary and resources

Module 4: Work with data in Microsoft Sentinel using Kusto Query Language
- Introduction
- Extract data from unstructured string fields
- Extract data from structured string data
- Integrate external data
- Create parsers with functions
- Knowledge check
- Summary and resources
