SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
Write Kusto Query Language (KQL) statements to query log data for detection, analysis, and reporting in Microsoft Sentinel. This learning path focuses on the most used operators. The example KQL statements showcase security-related table queries.
Prerequisites
Basic understanding of scripting concepts.
Modules in this learning path
Kusto Query Language (KQL) is the query language used to analyze data in Microsoft Sentinel, where it is used to create analytics and workbooks and to perform hunting. Learn how basic KQL statement structure provides the foundation to build more complex statements.
Learn how summarizing and visualizing data with a KQL statement provides the foundation to build detections in Microsoft Sentinel.
Learn how to work with multiple tables using KQL.
Learn how to use the Kusto Query Language (KQL) to manipulate string data ingested from log sources.