The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting
book

by Mark Morowczynski, Rod Trent, Matthew Zorich
June 2024
Content level: Intermediate to advanced
480 pages
15h 11m
English
Microsoft Press
Content preview from The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting

Chapter 6

Advanced KQL Cybersecurity Use Cases and Operators

After completing this chapter, you will be able to:

  • Understand and use advanced operators

  • Understand how to contribute to the KQL community

In this final chapter, we will expand on all the KQL from our security scenarios and move into some more advanced operators and use cases. Even though the queries and operators you see in this section are more advanced, we hope you have learned enough to follow along. Importantly, while these aren’t full scenarios like we previously worked through, all the queries and examples you see are still based on real-world use cases. This chapter isn’t a definitive list of every function and operator in KQL. Instead, we covered just the ones that skew ...

Publisher Resources

ISBN: 9780138293482