Query logs in Microsoft Sentinel

Module
7 Units

Intermediate

Security Operations Analyst

Azure

As a Security Operations Analyst, you must understand the tables, fields, and data ingested in your workspace. Learn how to query the most used data tables in Microsoft Sentinel.

Learning objectives

Upon completion of this module, the learner will be able to:

Use the Logs page to view data tables in Microsoft Sentinel
Query the most used tables using Microsoft Sentinel

Prerequisites

Basic knowledge of operational concepts such as monitoring, logging, and alerting

Introduction min
Query logs in the logs page min
Understand Microsoft Sentinel tables min
Understand common tables min
Understand Microsoft Defender XDR tables min
Knowledge check min
Summary and resources min