Use watchlists in Microsoft Sentinel

Module
6 Units

Intermediate

Security Operations Analyst

Azure

Microsoft Sentinel

Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.

Learning objectives

Upon completion of this module, the learner is able to:

Create a watchlist in Microsoft Sentinel
Use KQL to access the watchlist in Microsoft Sentinel

Get started with Azure

Choose the Azure account that's right for you. Pay as you go or try Azure free for up to 30 days. Sign up.

Introduction min
Plan for watchlists min
Create a watchlist min
Manage watchlists min
Module assessment min
Summary and resources min