Authors: Mark Morowczynski, Rod Trent, Matthew Zorich
Publisher: Microsoft Press/Pearson Education
Year: 2024
Pages: 496
Language: English
Format: epub
Size: 58.4 MB
KQL is a powerful query language that helps analyze large volumes of structured, semi-structured, and unstructured data. KQL has built-in operators and functions that let a user analyze data to find trends, patterns, and anomalies, and to create forecasts and machine learning models. KQL underpins a variety of Microsoft cloud products: Microsoft Sentinel, Azure Data Explorer, Microsoft 365 Advanced Hunting, Azure Resource Graph, Azure Monitor, and more. KQL also has similarities with SQL. KQL allows users to write data queries and control commands for the database and the database tables.
The modern IT professional must learn various technologies; you will limit your career if you don’t learn them. You will forever rely on someone with that skill; even worse, you will be left behind. The Kusto Query Language, or KQL, is one of those foundational technologies for IT professionals, security team members, and really anyone who is leveraging the Microsoft Azure platform. If you want to turn data into insights and action, you’ll need to use KQL. What do we mean by that? There is a tremendous amount of data being generated by your Azure resources. Your users and applications log into Microsoft Entra ID (formerly Azure Active Directory) around the clock. You might also be running an application on Azure App Service that Azure Front Door is protecting, while you are hosting a fleet of Windows Servers in Azure IaaS (Infrastructure as a Service).
Where Is KQL Used? KQL is used everywhere in Azure! More than 150 services—including applications, IaaS workloads, infrastructure, and the Azure platform itself—can send their data to Azure Monitor, and we can query all of it with KQL. You can even add custom log sources from other clouds or on-premises. We will highlight the following types of Azure data sources throughout this book:
• App services
• Azure Arc
• Azure Stack
• Desktop virtualization
• Firewalls
• Azure Front Door
• Key Vaults
• Storage accounts
• SQL databases, managed instances, and servers
A world of data is waiting to be investigated, and more data sources are being added daily! KQL will help you answer questions like those in the example above and explore the depths of your data. KQL is also the foundational language for Microsoft Sentinel, a cloud-native security information and event management (SIEM) and security orchestration, automation, and response (SOAR) platform. You’ll be able to create interactive workbooks and correlate alerts to incidents. Though this book doesn’t focus on Sentinel specifically, in Chapter 5, “Security and Threat Hunting,” we’ll show some of the most useful queries for common security scenarios.
Contents:
Download The Definitive Guide to KQL (Early Release)