Title: The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting
Authors: Mark Morowczynski, Rod Trent, Matthew Zorich
Publisher: Microsoft Press/Pearson Education
Year: 2024
Pages: 478
Language: English
Format: PDF (true PDF, not scanned)
Size: 19.1 MB
Turn the avalanche of raw data from Azure Data Explorer, Azure Monitor, Microsoft Sentinel, and other Microsoft data platforms into actionable intelligence with KQL (Kusto Query Language). Experts in information security and analysis guide you through what it takes to automate your approach to risk assessment and remediation, speeding up detection time while reducing manual work. This accessible and practical guide, designed for readers with a broad range of KQL experience, will quickly make KQL second nature for information security work.

KQL is a powerful, expressive query language for analyzing large volumes of structured, semi-structured, and unstructured data. Its built-in operators and functions let a user find trends, patterns, and anomalies, build forecasts, and apply machine learning to the data. KQL underpins a variety of Microsoft cloud products, including Microsoft Sentinel, Azure Data Explorer, Microsoft 365 Defender Advanced Hunting, Azure Resource Graph, and Azure Monitor. It has similarities with SQL, and it covers both data queries and the management commands used to administer a database and its tables.

With KQL you can perform complex queries, apply advanced functions, and use operators to transform raw data into meaningful information. It can also help you visualize data, build dashboards, and automate workflows.