Blue Team

CRW08 Advanced Investigation and Threat Hunting with KQL

4:00pm - 5:15pm

Level: Intermediate

Bi Yue Xu

Principal Security Cloud Solution Architect

In the ever-evolving landscape of cybersecurity, efficient investigation and proactive threat hunting are essential to staying ahead of adversaries. This presentation explores the Kusto Query Language (KQL) as a powerful tool that enables rapid threat identification, thorough incident investigations, and enhanced threat hunting capabilities.

You will learn:

  • The fundamentals of KQL
  • How to conduct investigations with KQL, illustrated through real-life examples
  • Demonstrations of KQL queries used for detection and threat hunting