Write your awesome label here.

Hands-On KQL for Security Analysts

Elevate your security analysis skills with the Kusto Query Language (KQL) training course, offering hands-on experience in a hyper-realistic lab environment! Whether you’re a security analyst or incident responder utilizing Microsoft Sentinel, Defender for Endpoint, or Microsoft 365 Defender XDR, or simply aspiring to master the KQL for security analysis, this course is for you!
Since commencing the Hands-On KQL for Security Analysts course, resolution times for the bulk of email and identity alerts has dropped to seconds.
LIFETIME ACCESS

Hands-On KQL for Security Analysts

Elevate your security analysis skills with the Kusto Query Language (KQL) training course, offering hands-on experience in a hyper-realistic lab environment! Whether you’re a security analyst or incident responder utilizing Microsoft Sentinel, Defender for Endpoint, or Microsoft 365 Defender XDR, or simply aspiring to master the KQL for security analysis, this course is for you!
Since commencing the Hands-On KQL for Security Analysts course, resolution times for the bulk of email and identity alerts has dropped to seconds.
Write your awesome label here.

What You Will Learn

By the end of this course, you will:
  • Understand the foundational concepts of databases and logging.
  • Be proficient in crafting and optimizing KQL queries for security data analysis.
  • Be able to understand hundreds of publicly shared KQL queries and easily customize them to implement in your environment.
  • Gain expertise in manipulating and combining datasets for comprehensive analysis.
  • Master various investigation techniques to find what you want easily and quickly. For instance:
    • Time series visualization for quick triage and spotting anomalies.
    • Geospatial visualization for quick triage and spotting anomalies, which is extremely useful for AiTM and other Identity focused attacks.
  • Be able to triage and investigate alerts/incidents significantly FAST! 

Hands-On Examples

Exercises

Investigation scenarios

COURSE CREDITS

Course Lessons

Frequently asked questions

Who should take the course?

This course is ideal for:
  • SOC Analysts and Incident Responders who want to improve their investigation skills
  • Cybersecurity professionals seeking to deepen their data analysis skills.
  • IT professionals and analysts interested in specializing in security data analysis using KQL.
  • Beginners who are keen to learn KQL in the context of cybersecurity.

Are there any prerequisites?

A basic understanding of databases and a keen interest in cybersecurity data analysis are recommended, but the course begins with foundational concepts, making it accessible to all enthusiastic learners.

Does the course contain video content?

No. While the course is text-based, the content is supported by screenshots with explanations. This approach makes it easy to follow and understand the content. You may check the free "Introduction to KQL for Security Analysis" course to see how it looks.

Are there any prerequisites or lab requirements?

No additional software and hardware is required. You will access the lab environment via a web browser. The lab environment is an Azure Data Explorer instance where you will analyze the logs of a simulated organization.

Can I get a certificate of completion?

Yes, you will receive a certificate of completion.

What is Lemon Squeezy?

Lemon Squeezy is a Merchant of Record that processes payments and handles taxes. You may see its name on your card statements. 

10x Your Investigation Skills

Created by

Mehmet Ergene

Mehmet brings over 15 years of experience in cybersecurity, with a unique blend of expertise in KQL, threat hunting, detection engineering, and data science to his courses to help others advance their skills. Recognized four times as a Microsoft Security MVP, he is renowned for adapting the RITA beacon analyzer to KQL and for his insightful presentations at key conferences like the SANS DFIR Summit.