Rod Trent (MSFT) has published a series of articles covering the general concepts of the Kusto Query Language (KQL), which is used by many security products (Microsoft 365 Defender, Microsoft Sentinel, etc.). In short, it has become an essential skill! You can use the following articles:
- Must Learn KQL Part 1: Tools and Resources
- Must Learn KQL Part 2: Just Above Sea Level
- Must Learn KQL Part 3: Workflow
- Must Learn KQL Part 4: Search for Fun and Profit
- Must Learn KQL Part 5: Turn Search into Workflow
- Must Learn KQL Part 6: Interface Intimacy
- Must Learn KQL Part 7: Schema Talk
- Must Learn KQL Part 8: The Where Operator
- Must Learn KQL Part 9: The Limit/Take Operators
- Must Learn KQL Part 10: The Count Operator
- Must Learn KQL Part 11: The Summarize Operator
- Must Learn KQL Part 12: The Render Operator (with Bin and Time)
- Must Learn KQL Part 13: The Extend Operator
- Must Learn KQL Part 14: The Project Operator
- Must Learn KQL Part 15: The Distinct Operator
- Must Learn KQL Part 16: The Order/Sort and Top Operators
- Must Learn KQL Part 17: The Let Statement
- Must Learn KQL Part 18: The Union Operator
- Must Learn KQL Part 19: The Join Operator
- Must Learn KQL Part 20: Building your first Microsoft Sentinel Analytics Rule
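To give an idea of how the operators listed above combine into a detection, here is an added example (not code from Rod Trent's series or eBook): a Microsoft Sentinel scheduled-rule query that flags a burst of failed sign-ins from one IP against one account and checks whether a successful sign-in followed. It assumes the standard Entra ID `SigninLogs` table as ingested by Sentinel (`TimeGenerated`, `UserPrincipalName`, `IPAddress`, `AppDisplayName`, `ResultType`, dynamic `Status`); the lookback, bin size and threshold are illustrative values to tune for your tenant.

```kql
// Added example, not from the Must Learn KQL series.
// Assumption: Sentinel SigninLogs schema; 1h / 10m / 10 are illustrative tuning values.
let lookback = 1h;
let threshold = 10;
// Failed sign-ins: a non-zero ResultType is a failure; pull the reason out of the dynamic Status column.
let failed = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    | extend Reason = tostring(Status.failureReason)
    | project TimeGenerated, UserPrincipalName, IPAddress, AppDisplayName, ResultType, Reason;
// Successful sign-ins, reduced to the latest success per account/IP pair so the join stays one-to-one.
let success = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType == "0"
    | summarize LastSuccess = max(TimeGenerated) by UserPrincipalName, IPAddress;
failed
// Count failures per account/IP in 10-minute buckets; keep the set of targeted apps and the time span.
| summarize Failures = count(),
            Reasons = make_set(Reason),
            Apps = make_set(AppDisplayName),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
    by UserPrincipalName, IPAddress, bin(TimeGenerated, 10m)
| where Failures >= threshold
// Left outer join keeps bursts with no later success; the right-side keys come back as *1 columns.
| join kind=leftouter success on UserPrincipalName, IPAddress
| extend FollowedBySuccess = isnotempty(LastSuccess) and LastSuccess > LastSeen
| project-away UserPrincipalName1, IPAddress1
| project TimeGenerated, UserPrincipalName, IPAddress, Failures, FollowedBySuccess, LastSuccess, FirstSeen, LastSeen, Apps, Reasons
| top 50 by Failures desc
```

When this is saved as a Sentinel analytics rule, set the rule's query period to match `lookback` and the frequency to the bin size, otherwise the same burst is either missed or alerted on repeatedly; `FollowedBySuccess == true` is the row to escalate first, since it is the pattern of a password spray that landed.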
There is also an eBook: MustLearnKQL/Book_Version at main · rod-trent/MustLearnKQL · GitHub
There is also a YouTube channel: https://cda.ms/3Jx