Azure Sentinel Query Language

Question

You have configured an Azure Sentinel solution and wish to proactively look for security threats using Hunting in the Sentinel Portal.

Which query language must you use when searching for threats?

Answers

A. T-SQL
B. Gremlin
C. MySQL
D. Kusto Query Language (KQL)

Explanations

Correct Answer: D

Hunting in Azure Sentinel is based on the Kusto Query Language (KQL).

A Kusto query is a read-only request to process data and return results; it never modifies the data in the workspace.

The request is stated in plain text, using a data-flow model (tabular operators chained with the pipe character) designed to make the syntax easy to read, author, and automate.

* Powerful query language with IntelliSense: Hunting queries are built in Kusto Query Language (KQL), a query language that gives you the power and flexibility you need to take hunting to the next level. It's the same language used by the queries in your analytics rules and elsewhere in Azure Sentinel.

Option A is incorrect.

T-SQL (Transact-SQL) is a set of programming extensions from Sybase and Microsoft that add several features to the Structured Query Language.

Some of the tools that use T-SQL are SQL Server Management Studio, Azure Data Studio, SQL Server Data Tools and sqlcmd.

Option B is incorrect.

Gremlin is the graph traversal language of Apache TinkerPop, used to retrieve and modify data in a property graph database.

Azure Cosmos DB supports Gremlin through its API for Gremlin.

Option C is incorrect.

MySQL is an open source relational database management system with a client-server model.

Azure Database for MySQL supports MySQL.

Reference:

To know more about Azure Sentinel Hunting, please refer to the link below:

The query language that must be used when searching for security threats in the Azure Sentinel portal is the Kusto query language, which is also known as KQL (Kusto Query Language).

Kusto is the query language used across Azure services such as Azure Sentinel, Azure Monitor Log Analytics, and Azure Data Explorer. It lets users analyze and visualize large amounts of log data quickly and efficiently.

Kusto Query Language is designed to be simple yet powerful. Unlike SQL, it uses a pipe-based data-flow syntax in which a source table is followed by a chain of operators (where, summarize, project, join, and so on), each of which transforms the output of the previous one. It is optimized for large volumes of time-stamped data, supports a wide range of data types and functions, and returns results in near real time.

When hunting for security threats in Azure Sentinel, users can write Kusto queries to search for specific events or patterns in their data. For example, users can create queries to search for failed logins, suspicious network activity, or other indicators of compromise.
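The following hunting query, added here as an example (it is not from the original page, nor one of Microsoft's built-in hunting queries), shows what the failed-login search described above and the KQL hunting queries mentioned in the bullet list look like in practice. It assumes the workspace ingests Azure AD sign-in logs into the standard SigninLogs table and uses that table's documented columns (TimeGenerated, ResultType, UserPrincipalName, IPAddress); the lookback window and the distinct-user threshold are illustrative values to tune for your environment.

```kusto
// Added example, not the original page's code: hunt for password-spray-like
// activity in Azure AD sign-in logs. Assumes the standard SigninLogs table;
// the 1d window and threshold of 10 distinct users are illustrative tuning knobs.
let lookback = 1d;
let threshold = 10;
SigninLogs
| where TimeGenerated > ago(lookback)
| where ResultType != "0"                 // non-zero ResultType = failed sign-in
| summarize
    FailedAttempts = count(),
    DistinctUsers  = dcount(UserPrincipalName),
    Users          = make_set(UserPrincipalName, 25),   // sample of targeted accounts
    FirstSeen      = min(TimeGenerated),
    LastSeen       = max(TimeGenerated)
    by IPAddress
| where DistinctUsers >= threshold         // one source IP failing against many accounts
| order by DistinctUsers desc
```

Run it from the Hunting blade (or the Logs blade) of the Azure Sentinel portal; each pipe stage narrows or reshapes the previous result, which is the data-flow model the explanation refers to. The same query body can later be pasted into a scheduled analytics rule, since hunting queries and analytics rules share the KQL engine.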

In summary, the Kusto query language is essential for proactively looking for security threats in the Azure Sentinel portal. It provides a powerful and efficient way to search and analyze large amounts of data, making it a valuable tool for security analysts and administrators.