From the course: Implementing and Administering Microsoft Sentinel
Join today to access over 24,600 courses taught by industry experts.
Kusto query language quickstart
From the course: Implementing and Administering Microsoft Sentinel
Kusto query language quickstart
- [Instructor] Kusto Query Language or KQL is the language of Azure Log Analytics and thus the language of Microsoft Sentinel and will be used in all of our proactive hunting queries as well as those out-of-box rules you'll find in your Sentinel instance. And the best way I know to get comfortable with KQL is to put your hands on it. So we're going to do that together briefly right now using some sample data available at dataexplorer.azure.com. And at this URL, I will find a samples data repository with several tables containing various sample datasets. I'm going to work with the Storm Event Table. And if I simply type Storm Event and click Run, it's going to return all the records in the table, currently around 59,000, returned in less than 10 seconds. And that query performance at scale that we find in Log Analytics is a good contributor to the power of Microsoft Sentinel in processing our security events and alert at scale in applying machine learning and AI in a scalable fashion…
Practice while you learn with exercise files
Download the files the instructor uses to teach the course. Follow along and learn by watching, listening and practicing.
Download courses and learn on the go
Watch courses on your mobile device without an internet connection. Download courses using your iOS or Android LinkedIn Learning app.