cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

How to execute KQL queries in Sentinel Notebooks?

printscreen
Brass Contributor

‎Feb 01 2021 07:04 AM

‎Feb 01 2021 07:04 AM

How to execute KQL queries in Sentinel Notebooks?

Hi. I have installed kqlmagic library and trying to connect to my log analytics workspace to execute the kql queries in Notebooks. Can anyone help me the different approaches on how to connect to the specific workspace and execute kql queries in Notebooks?

 

I'm aware of this below approach on connecting to the specific workspace and executing kql queries, but I'm looking for another way?

 

%kql loganalytics://tenant=TENANT_ID;clientid=CLIENT_ID;clientsecret=APP_ID;workspace=WORKSPACE_ID;alias='azsecdb'

 

2,206 Views
0 Likes
2 Replies
Reply
2 Replies
Gary Bushey

‎Feb 01 2021 09:54 AM

‎Feb 01 2021 09:54 AM

Re: How to execute KQL queries in Sentinel Notebooks?

@printscreen This Azure Sentinel notebook gives a few ways "A Getting Started Guide For Azure Sentinel ML Notebooks".   This is definitely a good notebook to go through as it gives you an overview of what the notebooks can do.

 

There is a PowerShell version of this as well, A Getting Started Guide for Azure Sentinel notebooks with PowerShell,  if you prefer to use PowerShell instead of Python.  It does not use the kqlmagic library but rather makes PowerShell calls to get the Azure Sentinel information 

0 Likes
Reply
MunteanuStefan

‎May 05 2023 04:01 AM

‎May 05 2023 04:01 AM

Re: How to execute KQL queries in Sentinel Notebooks?

Hello,
To be able to run a KQL query in a Microsoft Sentinel notebook you need to install the MSTICPy or KQLMagic library and use a %kql magic command at the start of a query.
0 Likes
Reply