SC-200 part 7: Create detections and perform investigations using Azure Sentinel

Security Engineer

Detect previously uncovered threats and rapidly remediate threats with built-in orchestration and automation in Azure Sentinel. This learning path aligns with Exam SC-200: Security Operation Analyst.


  • Understand how to use KQL in Azure Sentinel like you could learn from SC-200 part 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
  • Understand how data is connected to Azure Sentinel like you could learn from SC-200 part 6: Connect logs to Azure Sentinel

Modules in this learning path

In this module, you learned how Azure Sentinel Analytics can help the SecOps team identify and stop cyber attacks.

This module describes how to create Azure Sentinel playbooks to respond to security threats.

In this module, you'll investigate Azure Sentinel incident management, learn about Azure Sentinel events and entities, and discover ways to resolve incidents.

Learn how to use entity behavior analytics in Azure Sentinel to identify threats inside your organization.

This module describes how to query, visualize, and monitor data in Azure Sentinel.