You have configured an Azure Sentinel solution and wish to proactively look for security threats using Hunting in the Sentinel Portal.
Which query language must you use when searching for threats?
A. T-SQL
B. Gremlin
C. MySQL
D. Kusto query language

Correct Answer: D
Hunting in Azure Sentinel is based on the Kusto query language. A Kusto query is a read-only request to process data and return results.
The request is stated in plain text, using a data-flow model designed to make the syntax easy to read, author, and automate.
Option A is incorrect.
T-SQL (Transact-SQL) is a set of programming extensions from Sybase and Microsoft that add several features to the Structured Query Language.
Some of the tools that use T-SQL are SQL Server Management Studio, Azure Data Studio, SQL Server Data Tools and sqlcmd.
Option B is incorrect.
Gremlin is a graph traversal language used to retrieve data from, and modify data in, an application's graph.
Azure Cosmos DB supports Gremlin.
Option C is incorrect.
MySQL is an open source relational database management system with a client-server model.
Azure Database for MySQL supports MySQL.
To know more about Azure Sentinel Hunting, please refer to the link below:
The query language that must be used when searching for security threats in Azure Sentinel is D) Kusto query language.
Kusto Query Language (KQL) is a query language used in various Microsoft products, including Azure Sentinel. KQL is designed to be intuitive and easy to use, even for those who are not experienced in coding. KQL is used to analyze large amounts of data and can quickly generate insights from the data.
Azure Sentinel is a cloud-native security information and event management (SIEM) service that uses artificial intelligence (AI) and machine learning (ML) to analyze data from various sources to detect threats. The hunting feature in Azure Sentinel allows security analysts to proactively search for threats by using the Kusto Query Language.
By using KQL in Azure Sentinel, security analysts can create custom queries to search for specific security threats. KQL provides a powerful and flexible way to analyze data, allowing security analysts to identify and investigate security incidents quickly.
In summary, the correct answer to the question is D) Kusto query language, which is the query language used in Azure Sentinel to search for security threats.
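The two explanations above describe KQL's pipe-based data-flow model and its use for building custom hunting queries. The following hunting query is an added example, not taken from the original page or from Microsoft's documentation. It assumes the standard Azure AD `SigninLogs` table (with its `TimeGenerated`, `ResultType`, `UserPrincipalName` and `IPAddress` columns) is ingested into the Sentinel workspace; the thresholds (10 targeted accounts, a 1-hour window, a 1-day lookback) are illustrative values chosen for this example, not recommended settings. The query surfaces password-spray-style behaviour: a single source IP failing sign-ins against many distinct accounts in one window and then succeeding for at least one of them shortly afterwards.

```kql
// Added example (not from the original page): KQL hunting query for
// "many failures across many accounts from one IP, followed by a success".
// Assumes the standard Azure AD SigninLogs table in the Sentinel workspace.
// Thresholds below are illustrative values for this example only.
let lookback = 1d;        // how far back to hunt
let window = 1h;          // bucket size for grouping failures per IP
let minAccounts = 10;     // distinct accounts an IP must fail against in one bucket
// Step 1: per source IP and 1h bucket, count failed sign-ins and distinct targeted accounts.
let failures =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"              // non-zero ResultType = failed sign-in
    | summarize
        FailedAttempts = count(),
        TargetedAccounts = dcount(UserPrincipalName),
        FirstFailure = min(TimeGenerated),
        LastFailure = max(TimeGenerated)
        by IPAddress, bin(TimeGenerated, window)
    | where TargetedAccounts >= minAccounts;
// Step 2: successful sign-ins from the same lookback period.
let successes =
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"              // "0" = successful sign-in
    | project IPAddress, SuccessTime = TimeGenerated, SucceededAccount = UserPrincipalName;
// Step 3: keep only IPs whose spraying bucket is followed by a success within one window.
failures
| join kind=inner successes on IPAddress
| where SuccessTime between (FirstFailure .. (LastFailure + window))
| project TimeGenerated, IPAddress, FailedAttempts, TargetedAccounts,
          SucceededAccount, SuccessTime
| order by FailedAttempts desc
```

Each `|` hands the previous operator's result table to the next one, which is the data-flow model the first explanation refers to; `let` statements name intermediate tables so the join at the end reads as a plain sentence. Results are candidates for investigation (the succeeding account, the source IP, the timing), not confirmed compromise: a shared NAT address or a misconfigured client can also produce many failures from one IP, so an analyst would pivot on `SucceededAccount` and `IPAddress` before raising an incident.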