You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Product type Paperback

Published in Feb 2022

Publisher Packt

ISBN-13 9781801815536

Length 478 pages

Edition 2nd Edition

Tools

Azure Functions

Concepts

Cybersecurity

Authors (2):

Richard Diver

Gary Bushey

View More author details

Table of Contents (23) Chapters

Preface

1. Section 1: Design and Implementation

2. Chapter 1: Getting Started with Microsoft Sentinel FREE CHAPTER

3. Chapter 2: Azure Monitor – Introduction to Log Analytics

4. Section 2: Data Connectors, Management, and Queries

5. Chapter 3: Managing and Collecting Data

6. Chapter 4: Integrating Threat Intelligence with Microsoft Sentinel

7. Chapter 5: Using the Kusto Query Language (KQL)

8. Chapter 6: Microsoft Sentinel Logs and Writing Queries

9. Section 3: Security Threat Hunting

10. Chapter 7: Creating Analytic Rules

11. Chapter 8: Creating and Using Workbooks

12. Chapter 9: Incident Management

13. Chapter 10: Configuring and Using Entity Behavior

14. Chapter 11: Threat Hunting in Microsoft Sentinel

15. Section 4: Integration and Automation

16. Chapter 12: Creating Playbooks and Automation

17. Chapter 13: ServiceNow Integration for Alert and Case Management

18. Section 5: Operational Guidance

19. Chapter 14: Operational Tasks for Microsoft Sentinel

20. Chapter 15: Constant Learning and Community Contribution

21. Assessments

22. Other Books You May Enjoy

Writing a query

Now that you have seen how to use the Logs page in Microsoft Sentinel, it's time to use your new skills to write your own queries. No matter what the query is, there are a few basic steps you will take to create your query:

Have an idea of what information you are looking for. Do you need to know which computers are currently active? What actions a user performed in SharePoint? What data has been ingested? This will give you an idea of what log(s) you will need to look at. Look at Chapter 11, Threat Hunting in Microsoft Sentinel, for information on one way to keep track of this data.
Once you have an idea of which table you want to look at, the next step is to look at a small number of rows in that table to get a better understanding of the data that is stored in it.
One of the easiest ways to do this is to find the table in the Tables pane, hover over it, and click on the See preview data link in the pop-up window. This will show up to 10 rows from...

The rest of the chapter is locked

You're reading from Microsoft Sentinel in Action Architect, design, implement, and operate Microsoft Sentinel as the core of your security solutions

Table of Contents (23) Chapters

Writing a query

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you