We have integrated MCAS with Azure Sentinel using the data connector available. All the logs are being sent to Sentinel and so far it is good. To dig deeper and understand the logs by using KQL, I was looking for a few use case examples that would help us. Any documentation or links that you people can direct me to?
I came across this article and it is good!! Looking for a few more examples like this. Apart from this any other documentation that would help to help understand Sentinel better?
But this is not what exactly I am looking for. Let me give you an example for this
I want to be able to write queries to deep dive into the logs we get, parse the json parameters that we have and use the columns after parsing into an alert for Logic Apps. I was looking for documentations like the one I shared in the post to be able to make more sense out of the logs. Is it doable?