The Definitive Guide to KQL : Using Kusto Query Language for operations, defending, and threat hunting

Turn the avalanche of raw data from Azure Data Explorer, Azure Monitor, Microsoft Sentinel, and other Microsoft data platforms into actionable intelligence with KQL (Kusto Query Language). Experts in information security and analysis guide you through what it takes to automate your approach to risk assessment and remediation, speeding up detection time while reducing manual work using KQL. This accessible and practical guide—designed for a broad range of people with varying experience in KQL—will quickly make KQL second nature for information security. Solve real problems with Kusto Query Language— and build your competitive advantage: Learn the fundamentals of KQL—what it is and where it is usedExamine the anatomy of a KQL queryUnderstand why data summation and aggregation is importantSee examples of data summation, including count, countif, and dcountLearn the benefits of moving from raw data ingestion to a more automated approach for security operationsUnlock how to write efficient and effective queriesWork with advanced KQL operators, advanced data strings, and multivalued stringsExplore KQL for day-to-day admin tasks, performance, and troubleshootingUse KQL across Azure, including app services and function appsDelve into defending and threat hunting using KQLRecognize indicators of compromise and anomaly detectionLearn to access and contribute to hunting queries via GitHub and workbooks via Microsoft Entra ID

Turn the avalanche of raw data from Azure Data Explorer, Azure Monitor, Microsoft Sentinel, and other Microsoft data platforms into actionable intelligence with KQL (Kusto Query Language). Experts in information security and analysis guide you through what it takes to automate your approach to risk assessment and remediation, speeding up detection time while reducing manual work using KQL. This accessible and practical guide—designed for a broad range of people with varying experience in KQL—will quickly make KQL second nature for information security.

Solve real problems with Kusto Query Language— and build your competitive advantage:

• Learn the fundamentals of KQL—what it is and where it is used
• Examine the anatomy of a KQL query
• Understand why data summation and aggregation is important
• See examples of data summation, including count, countif, and dcount
• Learn the benefits of moving from raw data ingestion to a more automated approach for security operations
• Unlock how to write efficient and effective queries
• Work with advanced KQL operators, advanced data strings, and multivalued strings
• Explore KQL for day-to-day admin tasks, performance, and troubleshooting
• Use KQL across Azure, including app services and function apps
• Delve into defending and threat hunting using KQL
• Recognize indicators of compromise and anomaly detection
• Learn to access and contribute to hunting queries via GitHub and workbooks via Microsoft Entra ID