From the course: Microsoft Defender for Office 365

Learning Kusto Query Language (KQL)

- [Instructor] When it comes to KQL, I don't even need to show you how to program it because all the different prompts are built into advanced threat hunting for you. But this is going to give you a little bit of a lesson on how it all works. So don't worry. You don't have to be a programmer to understand this. Of course, if you are a programmer, then it'll be that much easier. To start with, we need a data source. Whenever we create any type of KQL query, which is done in advanced threat hunting, then it's going to need a data source. And I'll explain what that is and give you some examples in a second. After that, we need to have this pipe command. The pipe command signals to the query that we're going to have a filter or a modifier or a limiter. In other words, we're going to have a query about the data source from the previous line. Now we can add additional filters. We don't have to have just one filter, modifier, or limiter; we can have as many different lines as we need to…
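
The query shape described in the transcript above, written out as an added example that is not from the course or the instructor. The `EmailEvents` table and its columns come from the advanced hunting schema and are not named on the page; the 7-day window, the phishing filter, and the output column names `Messages` and `Recipients` are illustrative choices.

```kusto
// Data source: the first line names the table the query reads from.
EmailEvents
// Each following line starts with a pipe and acts on the result of the line above it.
// Filter: keep only events from the last 7 days.
| where Timestamp > ago(7d)
// Filter: inbound mail that Defender for Office 365 classified as phishing.
| where EmailDirection == "Inbound" and ThreatTypes has "Phish"
// Filter: messages that still reached a mailbox, which are the ones worth triaging first.
| where DeliveryAction == "Delivered"
// Modifier: reshape the rows into one summary row per sender domain.
| summarize Messages = count(),
            Recipients = dcount(RecipientEmailAddress)
            by SenderFromDomain
// Limiter: return only the ten sender domains with the most delivered phishing messages.
| top 10 by Messages desc
```

Reordering the piped lines changes the result, because each line only sees what the previous line passed down; placing the time filter first also keeps the query cheaper.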