Appendix A. Introduction to Kusto Query Language

By Mike Kassis, Senior Program Manager, Microsoft Cxe Security

The Kusto Query Language, referred to as KQL in this book, is the language you will use to work with and manipulate the data consumed by Azure Sentinel. The logs you feed into your workspace aren’t worth much if you can’t visualize and analyze the important data therein. The best part of KQL is that the power and flexibility of the language are matched by its simplicity. If you have a background in scripting or working with databases, much of what I cover here will feel very familiar. If not, don’t worry: you will walk away from this appendix ready to start writing your own queries and driving value for your organization.

This appendix ...

Get Microsoft Azure Sentinel: Planning and implementing Microsoft’s cloud-native SIEM solution now with the O’Reilly learning platform.
