title | description | author | ms.topic | ms.date | ms.author | ms.custom |
---|---|---|---|---|---|---|
Useful resources for working with Kusto Query Language in Microsoft Sentinel | This document provides you with a list of useful resources for working with Kusto Query Language in Microsoft Sentinel. | yelevin | conceptual | 01/10/2022 | yelevin | ignite-fall-2021 |

Microsoft Sentinel uses Azure Monitor's Log Analytics environment and the Kusto Query Language (KQL) to build the queries that undergird much of Sentinel's functionality, from analytics rules to workbooks to hunting. This article lists resources that can help you build your skills with Kusto Query Language, giving you more tools to work with Microsoft Sentinel, whether as a security engineer or analyst.

- Write your first query with Kusto Query Language
- Learning path SC-200: Create queries for Microsoft Sentinel using Kusto Query Language (KQL)
- Advanced KQL Framework Workbook - Empowering you to become KQL-savvy (includes webinar)
- Using KQL functions to speed up analysis in Azure Sentinel (advanced level)
- Ofer Shezaf's blog series on correlation rules using KQL operators:
- Rod Trent's Must Learn KQL series
- Pluralsight training: Kusto Query Language from Scratch
- Log Analytics demo environment