KQL Cafe 28 November 2023
Hosts
Guests
News
- Detect malware communication using SSL inspection
- Analyzing MITRE ATT&CK Detection with KQL
- KQL Functions For Network Operations
- DNS requests to suspicious TLDs
- The KQL Mysteries: Prologue
- Public Preview: Azure Log Alerts support for Azure Resource Graph (ARG)
- Azure Monitor Data Collection API Retirement
Tools
Training
Learning KQL
AS operator
run queries at
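// as operator: bind the name tPerf to the projected rows mid-pipeline so the join below can reference them
Perf
| project TimeGenerated, Computer, ObjectName, CounterName
| as tPerf
| summarize count() by ObjectName, CounterName
| join kind=inner tPerf on ObjectName, CounterName

// let statement: bind the name tPerf to the summarized counts, then join Perf against them
let tPerf = Perf
| project TimeGenerated, Computer, ObjectName, CounterName
| summarize count() by ObjectName, CounterName;
Perf
| join kind=inner tPerf on ObjectName, CounterName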