The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting (for True Epub) by Mark Morowczynski Rod Trent Matthew Zorich

Author: Mark Morowczynski, Rod Trent, Matthew Zorich
Language: eng
Format: epub
Publisher: Microsoft Press
Published: 2024-03-15T00:00:00+00:00


Why KQL for security?

If you have made it this far in the book, then you realize that KQL wasn’t designed from the ground up as a tool to be used within the security realm. It started its life as a monitoring tool to understand application performance within Azure Application Insights. There are similarities between the capabilities of hunting and application performance monitoring tools, such as quickly querying a massive amount of time-sequential data and detecting patterns, anomalies, and outliers.

We think saying that KQL is really good at querying log data is a massive understatement and sells the platform incredibly short. As people who write hundreds and thousands of queries each month, the thing that stands out to us while using KQL with cybersecurity is the flexibility it provides. These statements aren’t designed as a marketing pitch. If you bought and read this book, chances are you have been exposed to KQL already and are looking to bolster your knowledge. As you read this book, we hope you regularly stop and think, “Wait. I can do that with KQL?” Better still, we hope you can apply that knowledge to your environment to make a genuine impact.

Figure 5-1 shows how cybersecurity professionals can use KQL. Throughout this chapter, we’ll discuss each of the points outlined here.


