
Microsoft

SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)

Microsoft via Microsoft Learn

Overview

  • Module 1: Construct KQL statements for Microsoft Sentinel
    Upon completion of this module, the learner will be able to:
    • Construct KQL statements
    • Search log files for security events using KQL
    • Filter searches based on event time, severity, domain, and other relevant data using KQL
  • Module 2: Analyze query results using KQL
    Upon completion of this module, the learner will be able to:
    • Summarize data using KQL statements
    • Render visualizations using KQL statements
  • Module 3: Build multi-table statements using KQL
    Upon completion of this module, the learner will be able to:
    • Create queries using unions to view results across multiple tables using KQL
    • Merge two tables with the join operator using KQL
  • Module 4: Work with data in Microsoft Sentinel using Kusto Query Language
    Upon completion of this module, the learner will be able to:
    • Extract data from unstructured string fields using KQL
    • Extract data from structured string data using KQL
    • Create functions using KQL

Syllabus

  • Module 1: Construct KQL statements for Microsoft Sentinel
    • Introduction
    • Understand the Kusto Query Language statement structure
    • Use the let statement
    • Use the search operator
    • Use the where operator
    • Use the extend operator
    • Use the order by operator
    • Use the project operators
    • Knowledge check
    • Summary and resources
  • Module 2: Analyze query results using KQL
    • Introduction
    • Use the summarize operator
    • Use the summarize operator to filter results
    • Use the summarize operator to prepare data
    • Use the render operator to create visualizations
    • Knowledge check
    • Summary and resources
  • Module 3: Build multi-table statements using KQL
    • Introduction
    • Use the union operator
    • Use the join operator
    • Knowledge check
    • Summary and resources
  • Module 4: Work with data in Microsoft Sentinel using Kusto Query Language
    • Introduction
    • Extract data from unstructured string fields
    • Extract data from structured string data
    • Integrate external data
    • Create parsers with functions
    • Knowledge check
    • Summary and resources
