Learn how to set up scheduled query rules in Azure Sentinel. Explore the power of Kusto queries for effective threat detection and security in your environment.
Question
Table of Contents
You have an Azure Sentinel deployment. You need to create a scheduled query rule named Rule1. What should you use to define the query rule logic for Rule1?
A. a Transact-SQL statement
B. a JSON definition
C. GraphQL
D. a Kusto query
Answer
D. a Kusto query
Explanation
A scheduled query rule is a type of analytics rule in Azure Sentinel that runs a query on a specified schedule and generates alerts or incidents based on the results. To define the query rule logic for a scheduled query rule, you need to use a Kusto query, which is a query written in Kusto Query Language (KQL). KQL is the language used to query data in Azure Data Explorer, Log Analytics, and Azure Sentinel.
A Transact-SQL statement is a query written in Transact-SQL, which is the language used to query data in Azure SQL Database and Azure Synapse Analytics. A Transact-SQL statement cannot be used to define the query rule logic for a scheduled query rule in Azure Sentinel.
A JSON definition is a data format that uses JavaScript Object Notation (JSON) to represent structured or semi-structured data. A JSON definition cannot be used to define the query rule logic for a scheduled query rule in Azure Sentinel.
GraphQL is a query language and runtime for APIs that allows clients to specify the data they need from a server. GraphQL cannot be used to define the query rule logic for a scheduled query rule in Azure Sentinel.
Reference
- Azure > Security > Microsoft Sentinel > Create custom analytics rules to detect threats
The latest Microsoft AZ-500 Azure Security Technologies certification actual real practice exam question and answer (Q&A) dumps are available free, which are helpful for you to pass the Microsoft AZ-500 Azure Security Technologies exam and earn Microsoft AZ-500 Azure Security Technologies certification.
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
