Repository layout (KQLMSPress/definitive-guide-kql):

.
├── .gitignore
├── Chapter 1: Introduction
│   ├── Query Samples
│   │   ├── 1.Fundamental_Concepts.md
│   │   ├── 2.Searching_and_Filtering.md
│   │   ├── 3.Data_Manipulation.md
│   │   ├── 4.Just_Enough_User_Interface.md
│   │   ├── 5.Time_Operators.md
│   │   └── 6.Miscellaneous_Fundamentals.md
│   └── README.md
├── Chapter 2: Data Aggregation
│   ├── Query Samples
│   │   ├── 1.Obfuscating_Results.md
│   │   ├── 2.Distinct_and_Count.md
│   │   ├── 3.Min_Max_Average_and_Sum.md
│   │   ├── 4.Bins_Percentages_and_Percentiles.md
│   │   ├── 5.Lists_and_Sets.md
│   │   ├── 6.Visualizing_Data_with_the_Render_Operator.md
│   │   └── 7.Aggregation_Functions_Usage_in_Other_Operators.md
│   └── README.md
├── Chapter 3: Advanced KQL
│   ├── Data Samples
│   │   ├── README.md
│   │   └── thresholds.csv
│   ├── Query Samples
│   │   ├── 1.Creating_Constants_with_let.md
│   │   ├── 10.Working_with_JSON.md
│   │   ├── 11.Time_Series_Analysis.md
│   │   ├── 12.Exploring_the_Power_of_Regular_Expressions_in_KQL.md
│   │   ├── 13.Using_the_bin_KQL_Function.md
│   │   ├── 14.Understanding_Functions_in_Kusto_Query_Language.md
│   │   ├── 15.How_to_Use_the_KQL_Materialize_Function.md
│   │   ├── 2.Using_Multiple_Variables_in_Queries.md
│   │   ├── 3.Uniting_Queries_with_KQL_Unions.md
│   │   ├── 4.The_Power_of_Joining_Data.md
│   │   ├── 5.Using_the_Externaldata_KQL_Operator.md
│   │   ├── 6.Query_IP_Ranges_Using_KQL.md
│   │   ├── 7.Using_the_ipv4_is_private_KQL_Function.md
│   │   ├── 8.Working_with_Multivalued_Strings_in_KQL.md
│   │   └── 9.Using_the_base64_decode_tostring_KQL_Function.md
│   └── README.md
├── Chapter 4: Operational Excellence
│   ├── Query Samples
│   │   ├── 1.The_Power_of_KQL_in_IT.md
│   │   ├── 2.Advanced_Hunting_Query_Examples.md
│   │   ├── 3.Common_Security_Challenges_in_the_Cloud.md
│   │   ├── 4.Hands-on Training_Mastering_KQL.md
│   │   ├── 5.KQL_Across_Azure.md
│   │   ├── 6.Using_KQL_for_Microsoft_Intune_for_Diagnostics_and_Compliance.md
│   │   ├── 7.Using_KQL_to_Create_Powerful_Azure_Monitor_Workbooks.md
│   │   ├── 8.Enhancing_Data_Management_and_Efficiency.md
│   │   └── 9.Best_Practices_for_Optimizing_Query_Performance.md
│   └── README.md
├── Chapter 5: KQL for Cyber Security
│   ├── Data Samples
│   │   ├── FirewallLogs.csv
│   │   └── README.md
│   ├── Query Samples
│   │   ├── 1. Cybersecurity-focused Operators.md
│   │   ├── 2. User Compromise in Microsoft 365.md
│   │   ├── 3. Phishing Attacks.md
│   │   ├── 4. Firewall Log Parsing.md
│   │   ├── 5. Auditing Security Posture.md
│   │   ├── 6. Microsoft Entra ID Tenant Compromise.md
│   │   └── 7. Ransomware TTPs.md
│   └── README.md
├── Chapter 6: Advanced KQL for Cyber Security
│   ├── Data Samples
│   │   ├── AADSignInLogs.csv
│   │   ├── FWLogs.csv
│   │   ├── Indicators.csv
│   │   └── README.md
│   ├── Query Samples
│   │   ├── 1. mv-expand and mv-apply.md
│   │   ├── 2. Joins.md
│   │   ├── 3. let statement.md
│   │   ├── 4. iff, case and coalesce.md
│   │   ├── 5. parse and regex.md
│   │   ├── 6. Time operators.md
│   │   ├── 7. Visualizations and time-series analysis.md
│   │   ├── 8. Geolocation.md
│   │   └── 9. Misc operators and functions.md
│   └── README.md
├── Extra Microsoft Employee Submitted Queries
│   └── README.md
├── Other
│   ├── CfSPlugin
│   │   ├── DefinitiveKQL.yaml
│   │   └── Readme.md
│   ├── Data
│   │   ├── Readme.md
│   │   └── definitive-guide-kql_file_structure.csv
│   └── Readme.md
└── README.md

File contents (small files inline; larger files are given as their raw URL):

/.gitignore:
.DS_Store

/Chapter 1: Introduction/Query Samples/1.Fundamental_Concepts.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 1: Introduction/Query Samples/1.Fundamental_Concepts.md

/Chapter 1: Introduction/Query Samples/2.Searching_and_Filtering.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 1: Introduction/Query Samples/2.Searching_and_Filtering.md

/Chapter 1: Introduction/Query Samples/3.Data_Manipulation.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 1: Introduction/Query Samples/3.Data_Manipulation.md

/Chapter 1: Introduction/Query Samples/4.Just_Enough_User_Interface.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 1: Introduction/Query Samples/4.Just_Enough_User_Interface.md

/Chapter 1: Introduction/Query Samples/5.Time_Operators.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 1: Introduction/Query Samples/5.Time_Operators.md

/Chapter 1: Introduction/Query Samples/6.Miscellaneous_Fundamentals.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 1: Introduction/Query Samples/6.Miscellaneous_Fundamentals.md

/Chapter 1: Introduction/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 1: Introduction/README.md

/Chapter 2: Data Aggregation/Query Samples/1.Obfuscating_Results.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/Query Samples/1.Obfuscating_Results.md

/Chapter 2: Data Aggregation/Query Samples/2.Distinct_and_Count.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/Query Samples/2.Distinct_and_Count.md

/Chapter 2: Data Aggregation/Query Samples/3.Min_Max_Average_and_Sum.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/Query Samples/3.Min_Max_Average_and_Sum.md

/Chapter 2: Data Aggregation/Query Samples/4.Bins_Percentages_and_Percentiles.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/Query Samples/4.Bins_Percentages_and_Percentiles.md

/Chapter 2: Data Aggregation/Query Samples/5.Lists_and_Sets.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/Query Samples/5.Lists_and_Sets.md

/Chapter 2: Data Aggregation/Query Samples/6.Visualizing_Data_with_the_Render_Operator.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/Query Samples/6.Visualizing_Data_with_the_Render_Operator.md

/Chapter 2: Data Aggregation/Query Samples/7.Aggregation_Functions_Usage_in_Other_Operators.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/Query Samples/7.Aggregation_Functions_Usage_in_Other_Operators.md

/Chapter 2: Data Aggregation/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 2: Data Aggregation/README.md

/Chapter 3: Advanced KQL/Data Samples/README.md:
(empty file)

/Chapter 3: Advanced KQL/Data Samples/thresholds.csv:
Computer,Threshold
Rod,100

/Chapter 3: Advanced KQL/Query Samples/1.Creating_Constants_with_let.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/1.Creating_Constants_with_let.md

/Chapter 3: Advanced KQL/Query Samples/10.Working_with_JSON.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/10.Working_with_JSON.md

/Chapter 3: Advanced KQL/Query Samples/11.Time_Series_Analysis.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/11.Time_Series_Analysis.md

/Chapter 3: Advanced KQL/Query Samples/12.Exploring_the_Power_of_Regular_Expressions_in_KQL.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/12.Exploring_the_Power_of_Regular_Expressions_in_KQL.md

/Chapter 3: Advanced KQL/Query Samples/13.Using_the_bin_KQL_Function.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/13.Using_the_bin_KQL_Function.md

/Chapter 3: Advanced KQL/Query Samples/14.Understanding_Functions_in_Kusto_Query_Language.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/14.Understanding_Functions_in_Kusto_Query_Language.md

/Chapter 3: Advanced KQL/Query Samples/15.How_to_Use_the_KQL_Materialize_Function.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/15.How_to_Use_the_KQL_Materialize_Function.md

/Chapter 3: Advanced KQL/Query Samples/2.Using_Multiple_Variables_in_Queries.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/2.Using_Multiple_Variables_in_Queries.md

/Chapter 3: Advanced KQL/Query Samples/3.Uniting_Queries_with_KQL_Unions.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/3.Uniting_Queries_with_KQL_Unions.md

/Chapter 3: Advanced KQL/Query Samples/4.The_Power_of_Joining_Data.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/4.The_Power_of_Joining_Data.md

/Chapter 3: Advanced KQL/Query Samples/5.Using_the_Externaldata_KQL_Operator.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/5.Using_the_Externaldata_KQL_Operator.md

/Chapter 3: Advanced KQL/Query Samples/6.Query_IP_Ranges_Using_KQL.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/6.Query_IP_Ranges_Using_KQL.md

/Chapter 3: Advanced KQL/Query Samples/7.Using_the_ipv4_is_private_KQL_Function.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/7.Using_the_ipv4_is_private_KQL_Function.md

/Chapter 3: Advanced KQL/Query Samples/8.Working_with_Multivalued_Strings_in_KQL.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/8.Working_with_Multivalued_Strings_in_KQL.md

/Chapter 3: Advanced KQL/Query Samples/9.Using_the_base64_decode_tostring_KQL_Function.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/Query Samples/9.Using_the_base64_decode_tostring_KQL_Function.md

/Chapter 3: Advanced KQL/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 3: Advanced KQL/README.md

/Chapter 4: Operational Excellence/Query Samples/1.The_Power_of_KQL_in_IT.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/1.The_Power_of_KQL_in_IT.md

/Chapter 4: Operational Excellence/Query Samples/2.Advanced_Hunting_Query_Examples.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/2.Advanced_Hunting_Query_Examples.md

/Chapter 4: Operational Excellence/Query Samples/3.Common_Security_Challenges_in_the_Cloud.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/3.Common_Security_Challenges_in_the_Cloud.md

/Chapter 4: Operational Excellence/Query Samples/4.Hands-on Training_Mastering_KQL.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/4.Hands-on Training_Mastering_KQL.md

/Chapter 4: Operational Excellence/Query Samples/5.KQL_Across_Azure.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/5.KQL_Across_Azure.md

/Chapter 4: Operational Excellence/Query Samples/6.Using_KQL_for_Microsoft_Intune_for_Diagnostics_and_Compliance.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/6.Using_KQL_for_Microsoft_Intune_for_Diagnostics_and_Compliance.md

/Chapter 4: Operational Excellence/Query Samples/7.Using_KQL_to_Create_Powerful_Azure_Monitor_Workbooks.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/7.Using_KQL_to_Create_Powerful_Azure_Monitor_Workbooks.md

/Chapter 4: Operational Excellence/Query Samples/8.Enhancing_Data_Management_and_Efficiency.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/8.Enhancing_Data_Management_and_Efficiency.md

/Chapter 4: Operational Excellence/Query Samples/9.Best_Practices_for_Optimizing_Query_Performance.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/Query Samples/9.Best_Practices_for_Optimizing_Query_Performance.md

/Chapter 4: Operational Excellence/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 4: Operational Excellence/README.md

/Chapter 5: KQL for Cyber Security/Data Samples/FirewallLogs.csv:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Data Samples/FirewallLogs.csv

/Chapter 5: KQL for Cyber Security/Data Samples/README.md:
(empty file)

/Chapter 5: KQL for Cyber Security/Query Samples/1. Cybersecurity-focused Operators.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Query Samples/1. Cybersecurity-focused Operators.md

/Chapter 5: KQL for Cyber Security/Query Samples/2. User Compromise in Microsoft 365.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Query Samples/2. User Compromise in Microsoft 365.md

/Chapter 5: KQL for Cyber Security/Query Samples/3. Phishing Attacks.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Query Samples/3. Phishing Attacks.md

/Chapter 5: KQL for Cyber Security/Query Samples/4. Firewall Log Parsing.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Query Samples/4. Firewall Log Parsing.md

/Chapter 5: KQL for Cyber Security/Query Samples/5. Auditing Security Posture.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Query Samples/5. Auditing Security Posture.md

/Chapter 5: KQL for Cyber Security/Query Samples/6. Microsoft Entra ID Tenant Compromise.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Query Samples/6. Microsoft Entra ID Tenant Compromise.md

/Chapter 5: KQL for Cyber Security/Query Samples/7. Ransomware TTPs.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/Query Samples/7. Ransomware TTPs.md

/Chapter 5: KQL for Cyber Security/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 5: KQL for Cyber Security/README.md

/Chapter 6: Advanced KQL for Cyber Security/Data Samples/AADSignInLogs.csv:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Data Samples/AADSignInLogs.csv

/Chapter 6: Advanced KQL for Cyber Security/Data Samples/FWLogs.csv:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Data Samples/FWLogs.csv

/Chapter 6: Advanced KQL for Cyber Security/Data Samples/Indicators.csv:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Data Samples/Indicators.csv

/Chapter 6: Advanced KQL for Cyber Security/Data Samples/README.md:
(empty file)

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/1. mv-expand and mv-apply.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/1. mv-expand and mv-apply.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/2. Joins.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/2. Joins.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/3. let statement.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/3. let statement.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/4. iff, case and coalesce.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/4. iff, case and coalesce.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/5. parse and regex.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/5. parse and regex.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/6. Time operators.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/6. Time operators.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/7. Visualizations and time-series analysis.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/7. Visualizations and time-series analysis.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/8. Geolocation.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/8. Geolocation.md

/Chapter 6: Advanced KQL for Cyber Security/Query Samples/9. Misc operators and functions.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/Query Samples/9. Misc operators and functions.md

/Chapter 6: Advanced KQL for Cyber Security/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Chapter 6: Advanced KQL for Cyber Security/README.md

/Extra Microsoft Employee Submitted Queries/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Extra Microsoft Employee Submitted Queries/README.md

/Other/CfSPlugin/DefinitiveKQL.yaml:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Other/CfSPlugin/DefinitiveKQL.yaml

/Other/CfSPlugin/Readme.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Other/CfSPlugin/Readme.md

/Other/Data/Readme.md:
(empty file)

/Other/Data/definitive-guide-kql_file_structure.csv:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/Other/Data/definitive-guide-kql_file_structure.csv

/Other/Readme.md:
(empty file)

/README.md:
https://raw.githubusercontent.com/KQLMSPress/definitive-guide-kql/HEAD/README.md