Analyze query results using KQL

Module
7 Units

Intermediate

Security Operations Analyst

Microsoft Sentinel

Azure Log Analytics

Microsoft Defender XDR

Learn how to summarize and visualize data with a KQL statement provides the foundation to build detections in Microsoft Sentinel.

Learning objectives

Upon completion of this module, the learner will be able to:

Summarize data using KQL statements
Render visualizations using KQL statements

Prerequisites

Familiarity with security operations in an organization.
Basic experience with Azure services.

Introduction min
Use the summarize operator min
Use the summarize operator to filter results min
Use the summarize operator to prepare data min
Use the render operator to create visualizations min
Knowledge check min
Summary and resources min