├── Advanced
    ├── Advanced KQL for Threat Hunters.pdf
    └── readme.md
├── Archived
    ├── DemystifyingKQL.pdf
    └── readme.md
├── Demystifying-KQL.pdf
├── Queries
    └── Readme.md
└── README.md

/Advanced/Advanced KQL for Threat Hunters.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ml58158/Demystifying-KQL/61c63b42598dfb4e54d309f7350736cc45be70fa/Advanced/Advanced KQL for Threat Hunters.pdf

--------------------------------------------------------------------------------
/Advanced/readme.md:
--------------------------------------------------------------------------------
 1 | # CyberNinja Advanced KQL Training
 2 |
 3 | Welcome to the **Advanced KQL (Kusto Query Language) Training** repository! This repo is designed to help you master KQL, with a focus on advanced concepts and practical examples that you can use to query and analyze data in Azure Data Explorer, Azure Monitor, and Microsoft Sentinel.
 4 |
 5 | ## Table of Contents
 6 |
 7 | - [Introduction](#introduction)
 8 | - [Prerequisites](#prerequisites)
 9 | - [Getting Started](#getting-started)
10 | - [Topics Covered](#topics-covered)
11 | - [Example Queries](#example-queries)
12 | - [Resources](#resources)
13 | - [Contributing](#contributing)
14 |
15 | ## Introduction
16 |
17 | Kusto Query Language (KQL) is a powerful language used to query and analyze large datasets in Azure services like Azure Data Explorer, Azure Monitor, and Microsoft Sentinel. This repository is intended for those who are already familiar with the basics of KQL and want to dive deeper into advanced topics.
18 |
19 | ## Prerequisites
20 |
21 | Before diving into the advanced topics, you should have a basic understanding of:
22 |
23 | - **KQL Syntax**: Familiarity with basic query structures, filters, and aggregations.
24 | - **Azure Services**: Basic knowledge of Azure Data Explorer, Azure Monitor, and Microsoft Sentinel.
25 | - **Data Analysis**: An understanding of data analysis concepts.
26 |
27 | If you're new to KQL, consider starting with the [KQL Basics](https://docs.microsoft.com/en-us/azure/data-explorer/kql-quick-start) before moving on to the advanced topics covered in this repository.
28 |
29 | ## Getting Started
30 |
31 | TBD
32 |

--------------------------------------------------------------------------------
/Archived/DemystifyingKQL.pdf:
--------------------------------------------------------------------------------
1 |
2 |

--------------------------------------------------------------------------------
/Archived/readme.md:
--------------------------------------------------------------------------------
1 | Archived Versions
2 |

--------------------------------------------------------------------------------
/Demystifying-KQL.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/ml58158/Demystifying-KQL/61c63b42598dfb4e54d309f7350736cc45be70fa/Demystifying-KQL.pdf

--------------------------------------------------------------------------------
/Queries/Readme.md:
--------------------------------------------------------------------------------
1 | ### Coming Soon!
2 |

--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # Demystifying-KQL
2 | Content Repo for Demystifying KQL Tutorial Series
3 |
4 | This series is a passion project of mine to help SOC Analysts get up to speed on KQL to use Microsoft Sentinel.
5 | It is designed to give a foundational knowledge of KQL and enable you to ramp up on writing basic security-related queries.
6 |
7 | This is the first of my KQL Series that will be published.
8 |

--------------------------------------------------------------------------------