SOC Analyst new to Sentinel, need guidance regarding queries
I'm a new Sentinel user with a basic cybersecurity background. I haven't been given much training at all, and my team just got access to Sentinel, so apologies if this sounds dumb.
My boss asked me to "write KQL queries and find threats". From the "General > Logs" tab, I wrote some queries about executables in email attachments and odd process activity and found anomalies; my boss was happy.
Now I'm asked to start covering as much of the MITRE ATT&CK Enterprise Matrix as I can. At this point I have no idea what I should be doing and I have these questions:
Does Sentinel not already offer basic queries for all of the MITRE techniques? It would seem dumb if every enterprise had to write its own.
I doubt I can run hundreds of queries on my own every day and analyze the results. What's the workflow for scheduling daily queries?
Where do I analyze the output of such scheduled queries? How do I whitelist certain rows and set up alerts?
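As an added illustration of the kind of query the post describes (this is editor-supplied example code, not the poster's own query or anything shipped with Sentinel): executable email attachments that were actually delivered, joined to the delivering message, with an allowlist applied through a Sentinel watchlist. The query assumes the Microsoft 365 Defender connector is populating the EmailAttachmentInfo and EmailEvents tables, and assumes a watchlist named AttachmentAllowlist with a SHA256 column exists; both the watchlist name and its column are assumptions. A query of this shape is what a scheduled analytics rule in Sentinel runs on an interval, which is how a one-off Logs query becomes a recurring check that raises incidents.

```kql
// Added example, not from the original post.
// Assumes the Microsoft 365 Defender connector feeds EmailAttachmentInfo and EmailEvents,
// and that a watchlist "AttachmentAllowlist" with a column "SHA256" exists (assumption).
let lookback = 1d;
// Extensions worth treating as executable content in mail (tune to your environment).
let executableTypes = dynamic(["exe", "dll", "scr", "js", "vbs", "hta", "msi", "bat", "cmd", "ps1"]);
// Hashes an analyst has reviewed and accepted; rows matching these are dropped below.
let allowlist = _GetWatchlist('AttachmentAllowlist') | project SHA256;
EmailAttachmentInfo
| where Timestamp > ago(lookback)
| where FileType in~ (executableTypes)
// Only keep attachments on messages that reached a mailbox, not ones already blocked.
| join kind=inner (
    EmailEvents
    | where Timestamp > ago(lookback)
    | where DeliveryAction == "Delivered"
    | project NetworkMessageId, Subject, DeliveryLocation
) on NetworkMessageId
// leftanti keeps only attachments whose hash is NOT on the allowlist.
| join kind=leftanti (allowlist) on SHA256
| summarize Recipients = make_set(RecipientEmailAddress), Count = count()
    by SenderFromAddress, FileName, FileType, SHA256, Subject
| order by Count desc
```

Whitelisting via a watchlist rather than hard-coded hashes in the query means analysts can add an accepted attachment without editing the rule, and the allowlist decision is recorded in one place that can be reviewed later.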