SC-200 Microsoft Security Operations Analyst, Part 5 of 9: Kusto Query Language
with expert Cristian Calinescu
Course description
The SC-200 Microsoft Security Operations Analyst exam measures your ability to accomplish the following technical tasks: mitigate threats using Microsoft 365 Defender (25-30%); mitigate threats using Microsoft Defender for Cloud (25-30%); and mitigate threats using Microsoft Sentinel (40-45%).
This course covers Kusto Query Language queries for Microsoft Sentinel.
Prerequisites
Basic understanding of the Microsoft 365 environment and its security, compliance and identity products.
Windows 10/11
Familiarity with Azure services, databases and storage
Basic understanding of scripting concepts
Meet the expert
Cristian Calinescu is a Microsoft certified Azure Solutions Architect Expert, Senior Infrastructure Engineer and Infrastructure Security Operations Manager.
Course outline
Module 8
Construct KQL Statements for Microsoft Sentinel (33:58)
- Introduction (00:08)
- Construct KQL statements for Microsoft Sentinel (05:10)
- Demo: KQL (28:31)
- Summary (00:08)
Analyze Query Results (37:36)
- Introduction (00:08)
- Analyze query results (00:18)
- Demo: Analyze Query Results (15:13)
- Build Multi-Table queries in KQL (00:41)
- Demo: Multi-table Queries (07:30)
- Use Join Operator (02:21)
- Work with string data using KQL (00:39)
- Extract Data from Unstructured String Fields (10:35)
- Summary (00:08)