Introduction
Kusto Query Language (KQL) is the query language used to analyze data in Microsoft Sentinel and Microsoft Defender XDR: it powers Analytics rules, Workbooks, and Hunting queries. Understanding the basic structure of a KQL statement provides the foundation for building more complex statements.
You're a Security Operations Analyst working at a company that is implementing Microsoft Sentinel. You're responsible for performing log data analysis to search for malicious activity, display visualizations, and perform threat hunting. To query log data, you use the Kusto Query Language (KQL).
To learn to write KQL, you start with the basic structure of a KQL statement. The basics include what table to query, how to apply a filter, and how to return specific columns.
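The three basics named above (the table to query, the filter, and the columns to return) map directly onto a KQL pipeline. The following is an added illustration, not a query from this module: it assumes the Microsoft Sentinel SecurityEvent table with its TimeGenerated, EventID, Account, Computer, and IpAddress columns, and reads as a defender would write it, looking for failed Windows logons (EventID 4625) in the last day.

```kusto
// Added example (not part of the module). Assumes the Sentinel SecurityEvent
// table schema: TimeGenerated, EventID, Account, Computer, IpAddress.
SecurityEvent                                   // 1. the table to query
| where TimeGenerated > ago(1d)                 // 2. filter: only the last 24 hours
| where EventID == 4625                         //    filter: failed logon events only
| project TimeGenerated, Account, Computer, IpAddress   // 3. return specific columns
| sort by TimeGenerated desc                    // newest failures first
```

Each line after the table name is a pipe (|) operator that takes the rows from the previous step: where narrows the rows, project narrows the columns, and sort orders the result. Filtering on TimeGenerated before anything else keeps the scanned data small, which matters both for query cost and for how quickly an analytics rule or hunting query returns.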