Lifetime access

Advanced Hands-On KQL for Threat Hunting and Detection Engineering

This advanced course is designed for SOC analysts, threat hunters and detection engineers familiar with KQL or those who have completed the Hands-On KQL for Security Analysts course. It focuses on basic and advanced techniques for threat hunting and detection engineering in a hyper-realistic lab environment. Whether you’re working with Microsoft Sentinel, Defender for Endpoint, or Microsoft 365 Defender XDR, this course will elevate your skills in KQL with hands-on, practical experience. 


Frequently asked questions

Who should take the course?

This course is ideal for:
  • SOC Analysts and Incident Responders who want to learn and improve threat hunting and detection engineering skills.
  • Cybersecurity professionals seeking to deepen their data analysis skills.

Are there any prerequisites?

You should be comfortable with filtering, combining, joining, manipulating, and aggregating data using KQL. You can gain the required knowledge and experience by taking the "Hands-On KQL for Security Analysts" course.

Does the course contain video content?

No. While the course is text-based, the content is supported by screenshots with explanations. This approach makes it easy to follow and understand the content. You may check the free "Introduction to KQL for Security Analysis" course to see how it looks.

Are there any prerequisites or lab requirements?

No additional software or hardware is required. You will access the lab environment via a web browser. The lab environment is an Azure Data Explorer instance where you will analyze the logs of a simulated organization.

Can I get a certificate of completion?

Yes, you will receive a certificate of completion.

What is Lemon Squeezy?

Lemon Squeezy is a Merchant of Record that processes payments and handles taxes. You may see its name on your card statements. 


Created by

Mehmet Ergene

Mehmet brings over 15 years of experience in cybersecurity and a unique blend of expertise in KQL, threat hunting, detection engineering, and data science to his courses, helping others advance their skills. Recognized four times as a Microsoft Security MVP, he is renowned for adapting the RITA beacon analyzer to KQL and for his insightful presentations at key conferences such as the SANS DFIR Summit.