Keshav Jain
- May 22, 2021
- 1 min read

Learn how to write your first KQL query!

KQL is quite important in Azure SECOPS domain. Azure Sentinel, Azure Monitor, Defender suite, etc. are powered by KQL .

Sometime when people are new to KQL and they get task on writing query. It could be confusing for someone and hard to understand from where to start.

https://www.youtube.com/watch?v=lCGY2lHKd4s&t=1121s

My vlog talk about approach and basic commands. In this video I have tried explaining about the approach that one can use while writing their first KQL query. I have talked about the few basic operator that are useful while working on the tasks. Do comment if you have any questions.

https://www.youtube.com/watch?v=lCGY2lHKd4s&t=1121s

Recent Posts

See All

Microsoft Sentinel - Collecting Common Event Format (CEF) via AMA Data connector.

Microsoft Sentinel provides Common Event Format (CEF) via AMA connector to quickly filter and upload logs in the Common Event Format (CEF) from multiple on-premises appliances over Syslog. The connect

Collecting CEF log using Azure Monitor Agent (AMA agent). Unable to install CEF collector on RHEL8.

We were working on configuring the Data Connector "Common Event Format (CEF) via AMA" in Microsoft Sentinel . While running the CEF installer on RHEL 8 server sudo wget -O Forwarder_AMA_installer.py

Error "Failed to list classic administrators of subscription" while deploying the Service offer.

Below listed error might appear while deploying the ARM template in MSSP environment for managing the Sentinel using the Azure Lighthouse. • Operation nameValidate Deployment • Error codeInvalidTempla

Learn how to write your first KQL query!

Recent Posts

Subscribe Form