The Definitive Guide to KQL
Addison Wesley (Verlag)
978-0-13-829338-3 (ISBN)
Solve real problems with Kusto Query Language— and build your competitive advantage:
Learn the fundamentals of KQL—what it is and where it is used
Examine the anatomy of a KQL query
Understand why data summation and aggregation is important
See examples of data summation, including count, countif, and dcount
Learn the benefits of moving from raw data ingestion to a more automated approach for security operations
Unlock how to write efficient and effective queries
Work with advanced KQL operators, advanced data strings, and multivalued strings
Explore KQL for day-to-day admin tasks, performance, and troubleshooting
Use KQL across Azure, including app services and function apps
Delve into defending and threat hunting using KQL
Recognize indicators of compromise and anomaly detection
Learn to access and contribute to hunting queries via GitHub and workbooks via Microsoft Entra ID
Mark Morowczynski is a principal product manager on the Security Customer Experience Engineering (CxE) team at Microsoft. He spends most of his time working with customers on their deployments in the Identity and Access Management (IAM) and information security space. He's spoken at various industry events, including Black Hat, Defcon Blue Team Village, Blue Team Con, Microsoft Ignite, and several BSides and SANS Security Summits. He has a BS in computer science, an MS in computer information and network security, and an MBA from DePaul University. He also has a MS in Information Security Engineering from the SANS Technology Institute. He can be found online on Mastodon at @markmorow@infosec.exchange or his website at https://markmorow.com. Rod Trent is a senior program manager at Microsoft, focused on cybersecurity and AI. He has spoken at many conferences over the past 30-some years and has written several books, including Must Learn KQL: Essential Learning for the Cloud-focused Data Scientist, and thousands of articles. He is a husband, dad, and first-time grandfather. In his spare time (if such a thing does truly exist), you can regularly find him simultaneously watching Six Million Dollar Man episodes and writing KQL queries. Rod can be found on LinkedIn and X (formerly Twitter) at @rodtrent. Matthew Zorich was born and raised in Australia and works for the Microsoft GHOST team, which provides threat-hunting oversight to many areas of Microsoft. Before that, he worked for the Microsoft Detection and Response Team (DART) and dealt with some of the most complex and largest-scale cybersecurity compromises on the planet. Before joining Microsoft as a full-time employee, he was a Microsoft MVP, ran a blog focused on Microsoft Sentinel, and contributed hundreds of open-source KQL queries to the community. He is a die-hard sports fan, especially the NBA and cricket.
Foreword by Ann Johnson
CHAPTER 1 Introduction and Fundamentals
CHAPTER 2 Data Aggregation
CHAPTER 3 Unlocking Insights with Advanced KQL Operators
CHAPTER 4 Operational Excellence with KQL
CHAPTER 5 KQL for Cybersecurity—Defending and Threat Hunting
CHAPTER 6 Advanced KQL Cybersecurity Use Cases and Operators
| Erscheinungsdatum | 22.05.2024 |
|---|---|
| Reihe/Serie | Business Skills |
| Verlagsort | Boston |
| Sprache | englisch |
| Maße | 360 x 230 mm |
| Gewicht | 853 g |
| Themenwelt | Informatik ► Betriebssysteme / Server ► Windows |
| Informatik ► Netzwerke ► Sicherheit / Firewall | |
| ISBN-10 | 0-13-829338-4 / 0138293384 |
| ISBN-13 | 978-0-13-829338-3 / 9780138293383 |
| Zustand | Neuware |
| Haben Sie eine Frage zum Produkt? |
aus dem Bereich
