Course description
If you want to address security within the Microsoft Azure environment, and especially if you implement and use services such as Azure Monitor (Application Insights, Log Analytics), use Data Lake, or detect and hunt a hacker using Azure Sentinel or Microsoft Defender for Endpoint, then you cannot get around Kusto Query Language. In the training, we will show you all the commands and how a query is composed, and you will learn the techniques necessary for constructing complex correlation rules. During the training, we will prepare these correlation rules and then adapt them to Azure Workbooks and Azure Dashboard or connect them to the open-source Grafana tool.
Required knowledge
Basic analytical knowledge, basic knowledge of database schemas, and possibly knowledge of object-oriented programming and data communication.
Target audience
The course is intended for analysts who set correlation rules within Microsoft security technologies; it may also be a suitable basis for deep hunting in the Microsoft cloud environment.
Materials
Materials in electronic form.
Objectives
Introduction to Kusto Query Language, a tool for correlation and data analytics, not only in Azure Sentinel.