Skip to Main Content
The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting
book

The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting

by Mark Morowczynski, Rod Trent, Matthew Zorich
June 2024
Intermediate to advanced content levelIntermediate to advanced
480 pages
15h 11m
English
Microsoft Press
Content preview from The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting

Chapter 5

KQL for Cybersecurity—Defending and Threat Hunting

After completing this chapter, you will be able to:

  • Understand the advantages of using KQL day-to-day in cybersecurity

  • Utilize specific operators that allow for in-depth examination of data across time intervals

  • Understand how KQL can aid real-world investigations

  • Use KQL operators to be able to analyze various data sources efficiently

  • Combine many data sources to craft single queries

While this section of the book will have plenty of example queries we hope you can utilize in your environment, the most important thing we want you to take away is why KQL is used in cybersecurity. We want to give you the knowledge about where you can use KQL in your day-to-day life, where it can save ...

Become an O’Reilly member and get unlimited access to this title plus top books and audiobooks from O’Reilly and nearly 200 top publishers, thousands of courses curated by job role, 150+ live events each month,
and much more.
Start your free trial

You might also like

CompTIA Security+ SY0-701

CompTIA Security+ SY0-701

Sari Greene
SC-200 Microsoft Security Operations Analyst

SC-200 Microsoft Security Operations Analyst

ACI Learning, Anthony Sequeira, Lauren Deal

Publisher Resources

ISBN: 9780138293482