The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting
Mark Morowczynski, Rod Trent, Matthew Zorich
Solve real problems with Kusto Query Language and build your competitive advantage
• Learn the fundamentals of KQL: what it is and where it is used
• Examine the anatomy of a KQL query
• Understand why data summation and aggregation are important
• See examples of data summation, including count, countif, and dcount
• Learn the benefits of moving from raw data ingestion to a more automated approach for security operations
• Unlock how to write efficient and effective queries
• Work with advanced KQL operators, advanced data strings, and multivalued strings
• Explore KQL for day-to-day admin tasks, performance, and troubleshooting
• Use KQL across Azure, including app services and function apps
• Delve into defending and threat hunting using KQL
• Recognize indicators of compromise and anomaly detection
• Learn to access and contribute to hunting queries via GitHub and workbooks via Microsoft Entra ID