SC-200 - Perform Threat Hunting - Section 3.3

Create and manage Microsoft Sentinel hunting queries, KQL jobs in the Data lake, and Summary rule tables.

Create and manage hunting queries and bookmarks in Microsoft Sentinel to track leads and share findings across the SOC team. Run KQL jobs against the Data lake tier for large-scale historical searches, and use Summary rule tables to pre-aggregate frequent query patterns for faster ongoing hunting.

Topics: hunting queries and bookmarks; monitoring hunting queries; KQL jobs in Data lake; Summary rule tables for querying.

Examworthy is not affiliated with or endorsed by Microsoft. Original, blueprint-aligned practice material only.