Learn KQL for Security Analysis
Free Course with Hands-on Labs
I am going to keep this post short and simple. In this blog post I am going to provide some details about the awesome course by Mehmet Ergene, Introduction to KQL for Security Analysis. This is definitely a recommended course for anyone getting started with KQL or needing to refresh their KQL syntax skills. The contents / outline of the course are provided in the links below, along with other information on how to get access to the course.
This course is divided into 8 sections (including the getting-started and wrap-up sections) and is easy to understand. It is FREE to take and YES, it includes hands-on labs.
Key takeaways:
- Databases, logging capabilities in Microsoft Sentinel and Defender.
- Schema differences in Microsoft Sentinel and Defender.
- Fundamentals of KQL query syntax and building our first KQL query.
- Different types of operators and how to be efficient with searches.
- Joining and combining different datasets available.
- Reviewing the collection and summarization of data from various sources, and how it can be aggregated in KQL for investigations.
- Learning about different static and dynamic thresholds for anomaly detection.
Lab Access: Once we sign up for the class we get an invitation to access the labs, and they are available for 14 days from the date of registration.
Exam: We have 3 exercises with a few questions to answer, and solutions are provided as well.
Once we finish the course, we will get a certificate of completion.
Key Information:
- Contents / Outline of the course: https://academy.bluraven.io/intro-to-kql-for-security-analysis
- Cost to take this course: FREE
- Hands-on Labs included: YES
- How to get access: Enrollment opens for 50 students every 1st and 15th of the month (100 students a month).
- Achievement: Certificate of Completion.
What next?
Eventually, I want to check out the other 2 courses available from BluRaven — Hands-On KQL for Security Analysts and Hands-on KQL for Threat Hunting and Detection Engineering.
References: