The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting

Chapter 6 Advanced KQL Cybersecurity Use Cases and Operators

After completing this chapter, you will be able to:

Understand and use advanced operators
Understand how to contribute to the KQL community

In this final chapter, we will expand on all the KQL from our security scenarios and move into some more advanced operators and use cases. Even though the queries and operators you see in this section are more advanced, we hope you have learned enough to follow along. Importantly, while these aren’t full scenarios like we previously worked through, all the queries and examples you see are still based on real-world use cases. This chapter isn’t a definitive list of every function and operator in KQL. Instead, we covered just the ones that skew ...

Get The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting by Mark Morowczynski, Rod Trent, Matthew Zorich

Chapter 6

Advanced KQL Cybersecurity Use Cases and Operators

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly