sameer fakhoury
6.1 Construct KQL statements for Microsoft Sentinel

  • wwlpublish Construct KQL statements for Microsoft Sentinel - Training
  • KQL is used in Microsoft Sentinel for data analysis, creating analytics, workbooks, and hunting. This module teaches constructing KQL statements, searching log files for security events, and filtering searches by various criteria.
  • Introduction
  • Understand the Kusto Query Language statement structure
  • Use the search operator
  • Use the where operator
  • Use the let statement
  • Use the extend operator
  • Use the order by operator
  • Use the project operators
  • Knowledge Check
  • Summary and resources
