6.1 Construct KQL statements for Microsoft Sentinel

6.1 Construct KQL statements for Microsoft Sentinel

wwlpublish Construct KQL statements for Microsoft Sentinel - Training
KQL is used in Microsoft Sentinel for data analysis, creating analytics, workbooks, and hunting. This module teaches constructing KQL statements, searching log files for security events, and filtering searches by various criteria.

‣

Introduction

‣

Understand the Kusto Query Language statement structure

‣

Use the search operator

‣

Use the where operator

‣

Use the let statement

‣

Use the extend operator

‣

Use the order by the operator

‣

Use the project operators

‣

Knowledge Check

‣

Summary and resources