Microsoft

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Offered byMicrosoft

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
at
Microsoft
Overview

Learn how basic KQL statement structure provides the foundation to build more complex statements

Duration	2 hours
Total fee	Free
Mode of learning	Online
Schedule type	Self paced
Difficulty level	Intermediate
Official Website	Explore Free Course
Credential	Certificate

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
at
Microsoft
Course details

Skills you will learn

Data mining Security

What are the course deliverables?

Learn how to summarize and visualize data with a KQL statement provides the foundation to build detections in Microsoft Sentinel
Learn how to work with multiple tables using KQL
Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources

More about this course

This learning path will focus on the most used operators
Write Kusto Query Language (KQL) statements to query log data to perform detections, analysis, and reporting in Microsoft Sentinel
The example KQL statements will showcase security related table queries
KQL is the query language used to perform analysis on data to create analytics, workbooks, and perform hunting in Microsoft Sentinel

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
at
Microsoft
Curriculum

Construct KQL statements for Microsoft Sentinel

Introduction

Understand the Kusto Query Language statement structure

Use the let statement

Use the search operator

Use the where operator

Use the extend operator

Use the order by operator

Use the project operators

Knowledge check

Summary and resources

Analyze query results using KQL

Introduction

Use the summarize operator

Use the summarize operator to filter results

Use the summarize operator to prepare data

Use the render operator to create visualizations

Knowledge check

Summary and resources

Build multi-table statements using KQL

Introduction

Use the union operator

Use the join operator

Knowledge check

Summary and resources

Work with data in Microsoft Sentinel using Kusto Query Language

Introduction

Extract data from unstructured string fields

Extract data from structured string data

Integrate external data

Create parsers with functions

Knowledge check

Summary and resources

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
at
Microsoft
Entry Requirements

Eligibility criteria Up Arrow Icon

Prerequisites: Basic understanding of scripting concepts

Conditional Offer Up Arrow Icon

Not mentioned

Other courses offered by Microsoft

Create a Language Understanding solution with Azure Cognitive Services

MicrosoftCertificate

Total Fees

Free

Duration

2 hours

Difficulty level

Intermediate

Architect infrastructure operations in Azure

MicrosoftCertificate

Total Fees

Free

Duration

4 hours

Difficulty level

Intermediate

Skills

Accounting Security

Manage resources in Azure

MicrosoftCertificate

Total Fees

Free

Duration

5 hours

Difficulty level

Beginner

Skills

Saas PaaS Microsoft Azure Cloud Services

Implement goal management in Dynamics 365 Sales and Customer Service

MicrosoftCertificate

Total Fees

Free

Duration

1 hours

Difficulty level

Beginner

Skills

View Other 1171 Courses

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

at

Microsoft

Student Forum

Anything you would want to ask experts?

Write here...

Data ScienceData Science BasicsData MiningSC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Useful Links

Know more about Microsoft

All About Microsoft

Reviews on Placements, Faculty & Facilities

Know more about Programs

Computer Courses (IT & Software)

Big Data & Analytics

Waterfall / SDLC

Agile (Scrum, Kanban)

Online Java Courses

Distributed Algorithms

Online courses in PHP