Blue Team

CRW08 Advanced Investigation and Threat Hunting with KQL

11/20/2024

4:00pm - 5:15pm

Level: Intermediate

Bi Yue Xu

Principal Security Cloud Solution Architect

Microsoft

In the ever-evolving landscape of cybersecurity, efficient investigation and proactive threat hunting are essential to staying ahead of adversaries. This presentation explores the Kusto Query Language (KQL) as a powerful tool that enables rapid threat identification, thorough incident investigations, and enhanced threat hunting capabilities.

You will learn:

  • The fundamentals of KQL
  • How to conduct investigations with KQL, through real-life examples
  • How KQL queries are used for detection and threat hunting