Since a lot of people are into Azure Sentinel, I’ve decided to share a document that walks you through the steps needed to understand the basic concepts of Kusto Query Language (KQL).
KQL is fundamental to searching and analyzing data in Azure Sentinel, which is why it’s worth understanding how to use KQL to look for specific kinds of data.
Kusto Query Internals contains 9 chapters and takes you through all the basic concepts you need to know to look for data. Beyond that, every chapter defines a “use case” and then guides you through the steps taken to write a KQL query for that use case.
The purpose of this doc is to help you understand the basic concepts, so you can further expand your knowledge.
Download it here: