Get hands-on with analysing security logs to detect and investigate threats efficiently using KQL.

Kusto Query Language (KQL) is a highly efficient, read-only query language used in various Microsoft services, such as Azure Data Explorer, Azure Monitor, and Microsoft Sentinel. This makes it accessible to analysts, developers, and IT professionals for querying log data. This module will help you become more comfortable using KQL query syntax, from basic to advanced level queries, to analyze logs from different sources and detect anomalies using various KQL operators and functions.

KQL (Kusto): Introduction

This room introduces you to Kusto Query Language and provides an overview of Microsoft Sentinel.

KQL (Kusto): Basic Queries

This room is designed to work you through basic KQL queries for analyzing security logs.

KQL (Kusto): Advanced Queries

Learn about advanced KQL queries and how to leverage the power of Microsoft KQL.

Topic Rewind Recap

Lock in what you learned with a recap. Earn points and keep your streak.

What are modules?

A learning pathway is made up of modules, and a module is made of bite-sized rooms (think of a room like a mini security lab).

Hierarchical diagram showing how learning pathways contain modules, which contain individual rooms.