Useful resources for working with Kusto Query Language in Microsoft Sentinel

Note

Azure Sentinel is now called Microsoft Sentinel, and we’ll be updating these pages in the coming weeks. Learn more about recent Microsoft security enhancements.

Microsoft Sentinel uses Azure Monitor's Log Analytics environment and the Kusto Query Language (KQL) to build the queries that undergird much of Sentinel's functionality, from analytics rules to workbooks to hunting. This article lists resources that can help you skill up in working with Kusto Query Language, which will give you more tools to work with Microsoft Sentinel, whether as a security engineer or analyst.

Microsoft Docs and Learn

Microsoft Sentinel documentation

Azure Monitor documentation

Reference guides

Microsoft Sentinel Learn modules

Other resources

Microsoft TechCommunity blogs

Training and skilling resources

Next steps