LIFETIME ACCESS

Advanced Hands-On KQL for Threat Hunting and Detection Engineering from Scratch

Learn and elevate your threat hunting and detection engineering skills with a transformative training course, offering hands-on experience in a hyper-realistic lab environment using KQL! Whether you’re a security analyst, threat hunter, or detection engineer utilizing Microsoft Sentinel, Microsoft Defender for Endpoint, or Microsoft 365 Defender XDR, or simply aspiring to master your skills using the Kusto Query Language (KQL), this course is for you!

Read the Course Review
Write your awesome label here.

What You Will Learn

By the end of this course, you will:
  • Understand the foundational concepts of databases and logging.
  • Be proficient in crafting and optimizing KQL queries for security data analysis.
  • Be able to understand hundreds of publicly shared KQL queries and easily customize them to implement in your environment.
  • Gain expertise in manipulating and combining datasets for comprehensive analysis.
  • Learn how to use threat intelligence feeds efficiently
  • Learn fundamental anomaly detection methods used in threat hunting and detection engineering
  • Master time series anomaly detection for threat hunting and detection engineering
  • Learn a novel method to detect attack flows and infection chains
  • Learn how to use KQL graph semantics for threat hunting and detection engineering 
  • Test your knowledge with a final capstone that covers a full chain attack

Hands-On Examples

Exercises

COURSE CREDITS

Course Lessons

Frequently asked questions

Who should take the course?

This course is ideal for:
  • SOC Analysts and Incident Responders who want to improve their investigation skills
  • Cybersecurity professionals seeking to deepen their data analysis skills.
  • IT professionals and analysts interested in specializing in security data analysis using KQL.
  • Beginners who are keen to learn KQL in the context of cybersecurity.

Are there any prerequisites?

A basic understanding of databases and a keen interest in cybersecurity data analysis are recommended, but the course begins with foundational concepts, making it accessible to all enthusiastic learners.

Does the course contain video content?

No. While the course is text-based, the content is supported by screenshots with explanations. This approach makes it easy to follow and understand the content. You may check the free "Introduction to KQL for Security Analysis" course to see how it looks.

Are there any prerequisites or lab requirements?

No additional software and hardware is required. You will access the lab environment via a web browser. The lab environment is an Azure Data Explorer instance where you will analyze the logs of a simulated organization.

Can I get a certificate of completion?

Yes, you will receive a certificate of completion.

What is Lemon Squeezy?

Lemon Squeezy is a Merchant of Record that processes payments and handles taxes. You may see its name on your card statements. 

Start Hunting APTs

Created by

Mehmet Ergene

Mehmet brings over 15 years of experience in cybersecurity, with a unique blend of expertise in KQL, threat hunting, detection engineering, and data science to his courses to help others advance their skills. Recognized four times as a Microsoft Security MVP, he is renowned for adapting the RITA beacon analyzer to KQL and for his insightful presentations at key conferences like the SANS DFIR Summit.