Use watchlists in Microsoft Sentinel

Module
6 Units

Intermediate

Security Operations Analyst

Azure

Microsoft Sentinel

Learn how to create Microsoft Sentinel watchlists that are a named list of imported data. Once created, you can easily use the named watchlist in KQL queries.

Learning objectives

Upon completion of this module, the learner will be able to:

Create a watchlist in Microsoft Sentinel
Use KQL to access the watchlist in Microsoft Sentinel

Introduction min
Plan for watchlists min
Create a watchlist min
Manage watchlists min
Knowledge check min
Summary and resources min