KQL

Get hands-on with analysing security logs to detect and investigate threats efficiently using KQL.
Kusto Query Language (KQL) is a highly efficient, read-only query language used in various Microsoft services, such as Azure Data Explorer, Azure Monitor, and Microsoft Sentinel. This makes it accessible to analysts, developers, and IT professionals for querying log data. This module will help you become more comfortable using KQL query syntax, from basic to advanced level queries, to analyze logs from different sources and detect anomalies using various KQL operators and functions.

KQL (Kusto): Introduction
This room introduces you to Kusto Query Language and provides an overview of Microsoft Sentinel.
KQL (Kusto): Basic Queries
This room is designed to walk you through basic KQL queries for analyzing security logs.
KQL (Kusto): Advanced Queries
Learn about advanced KQL queries and how to leverage the power of Microsoft KQL.
What are modules?
A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).
