Investigating Security Incidents #2 - Log Analysis Language Basics

Everything Cyber
142 views - 2 years ago
Video #2 of the 10-part series. In this series we learn the basics of how to understand and filter through logs using Microsoft Sentinel and KQL. This episode aims to equip our audience with the basic knowledge that will help them perform more in-depth investigation of cybersecurity incidents. For aspiring incident response and SOC analysts, this video is certainly going to add a lot of value.

The goal of this video
- Introduction to KQL and Microsoft Sentinel
- Learn the basic syntax and concepts of KQL
- Use KQL to perform basic log filtering and analysis

We encourage the viewers to try out the hands-on practice before moving to the next videos of this series.

Hands-on training
- Intro to KQL Workbook: techcommunity.microsoft.com/t5/microsoft-sentinel-…
- Detective Kusto: detective.kusto.io/
- Microsoft Learn: learn.microsoft.com/en-us/training/modules/analyze…

Timestamps
Intro - 00:00
What is log analysis? - 00:19
Overview of Sentinel workspace - 04:22
Querying a table - 06:22
Limit - 07:44
Distinct - 12:00
Where - 15:32
Search - 18:38
Time - 19:42
Conclusion - 21:41

-----
Follow us on LinkedIn: www.linkedin.com/company/everything-cyber/
Listen on Spotify: Everything Cyber

Our Hosts:
Kaif Ahsan - www.linkedin.com/in/kaif-ahsan/
Kumar Soorya - www.linkedin.com/in/kumar-soorya/

Music: Motivational Day from AudioCoffee
Published 2 years ago, on 1401/07/30.