qnd:azure:kusto_query_language_kql

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision		 Previous revision
qnd:azure:kusto_query_language_kql [2021/11/12 22:24] mguptonqnd:azure:kusto_query_language_kql [2022/08/25 15:46] (current) – [Kusto Query Language (KQL)] mgupton
Line 1: Line 1:
 ====== Kusto Query Language (KQL) ====== ====== Kusto Query Language (KQL) ======
   * #azure #sentinel   * #azure #sentinel
 +  * [[azure:qnd:KQL for Resource Graph Explorer]]
   * [[https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet]]   * [[https://docs.microsoft.com/en-us/azure/data-explorer/kusto/query/sqlcheatsheet]]
   * [[https://github.com/reprise99/Sentinel-Queries]]   * [[https://github.com/reprise99/Sentinel-Queries]]
Line 23: Line 24:
 </code> </code>
  
-=== List All Tables ===+==== List All Tables ====
  
 <code> <code>
Line 50: Line 51:
  
  
-=== Windows Events Aggregated ===+==== Windows Events Aggregated ====
 <code> <code>
 SecurityEvent SecurityEvent
Line 58: Line 59:
  
  
-=== Palo Alto firewall logs ===+==== Palo Alto firewall logs ====
   * Aggregating on ApplicationProtocol   * Aggregating on ApplicationProtocol
   * Example of aggregating and sorting   * Example of aggregating and sorting
  • qnd/azure/kusto_query_language_kql.1636755890.txt.gz
  • Last modified: 2021/11/12 22:24
  • by mgupton