Data normalization in Microsoft Sentinel

Intermediate
Security Operations Analyst
Azure
Microsoft Sentinel

By the end of this module, you'll be able to use Advanced Security Information Model (ASIM) parsers to identify threats inside your organization.

Learning objectives

After completing this module, you'll be able to:

  • Use ASIM parsers
  • Create an ASIM parser
  • Create parameterized KQL functions

Prerequisites

Basic knowledge of Kusto Query Language (KQL).