Kusto Query Internals – Azure Sentinel Reference


Since a lot of people are into Azure Sentinel, I've decided to share documentation that walks you through the different steps to understand the basic concepts of Kusto Query Language (KQL).

KQL is the core of searching and analyzing data in Azure Sentinel. This is also why it's worth understanding how to use KQL to look for certain kinds of data.

Kusto Query Internals contains 9 chapters and takes you through all the basic concepts that you need to know to look for data. Besides that, every chapter defines a "use case" and then guides you through the different steps taken to write a KQL query for that use case.

The purpose of this doc is to help you understand the basic concepts, so you can further expand your knowledge.

Happy learning!

Download it here:
