SC-200 part 8: Perform threat hunting in Azure Sentinel

Security Engineer

Proactively hunt for security threats using the Azure Sentinel powerful threat hunting tools. This learning path aligns with exam SC-200: Microsoft Security Operations Analyst.


  • Ability to use KQL in Azure Sentinel like you could learn from SC-200 part 4: Create queries for Azure Sentinel using Kusto Query Language (KQL)
  • Know how to create detections and perform investigations like you could learn from SC-200 part 7: Create detections and perform investigations using Azure Sentinel

Modules in this learning path

Learn the threat hunting process in Azure Sentinel.

In this module, you'll learn to proactively identify threat behaviors by using Azure Sentinel queries. You'll also learn to use bookmarks and livestream to hunt threats.

Learn how to use notebooks in Azure Sentinel for advanced hunting.