The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting

Morowczynski, Mark, Trent, Rod, Zorich, Matthew

  • Publisher: Microsoft
  • Publication date: 2024-05-24
  • List price: $1,980
  • VIP price: $1,881 (95% of list)
  • Language: English
  • Pages: 480
  • Binding: Quality Paper (also called trade paper)
  • ISBN: 0138293384
  • ISBN-13: 9780138293383
  • In stock, ships immediately

Description

Turn the avalanche of raw data from Azure Data Explorer, Azure Monitor, Microsoft Sentinel, and other Microsoft data platforms into actionable intelligence with KQL (Kusto Query Language). Experts in information security and analysis guide you through what it takes to automate your approach to risk assessment and remediation, speeding up detection time while reducing manual work using KQL. This accessible and practical guide, designed for a broad range of people with varying experience in KQL, will quickly make KQL second nature for information security.

Solve real problems with Kusto Query Language and build your competitive advantage:

  • Learn the fundamentals of KQL: what it is and where it is used
  • Examine the anatomy of a KQL query
  • Understand why data summation and aggregation are important
  • See examples of data summation, including count, countif, and dcount
  • Learn the benefits of moving from raw data ingestion to a more automated approach for security operations
  • Unlock how to write efficient and effective queries
  • Work with advanced KQL operators, advanced data strings, and multivalued strings
  • Explore KQL for day-to-day admin tasks, performance, and troubleshooting
  • Use KQL across Azure, including app services and function apps
  • Delve into defending and threat hunting using KQL
  • Recognize indicators of compromise and anomaly detection
  • Learn to access and contribute to hunting queries via GitHub and workbooks via Microsoft Entra ID

About the authors

Mark Morowczynski is a principal product manager on the Security Customer Experience Engineering (CxE) team at Microsoft. He spends most of his time working with customers on their deployments in the Identity and Access Management (IAM) and information security space. He's spoken at various industry events, including Black Hat, Defcon Blue Team Village, Blue Team Con, Microsoft Ignite, and several BSides and SANS Security Summits. He has a BS in computer science, an MS in computer information and network security, and an MBA from DePaul University. He also has an MS in Information Security Engineering from the SANS Technology Institute. He can be found online on Mastodon at @markmorow@infosec.exchange or on his website at https://markmorow.com.

Rod Trent is a senior program manager at Microsoft, focused on cybersecurity and AI. He has spoken at many conferences over the past 30-some years and has written several books, including Must Learn KQL: Essential Learning for the Cloud-focused Data Scientist, and thousands of articles. He is a husband, dad, and first-time grandfather. In his spare time (if such a thing does truly exist), you can regularly find him simultaneously watching Six Million Dollar Man episodes and writing KQL queries. Rod can be found on LinkedIn and X (formerly Twitter) at @rodtrent.

Matthew Zorich was born and raised in Australia and works for the Microsoft GHOST team, which provides threat-hunting oversight to many areas of Microsoft. Before that, he worked for the Microsoft Detection and Response Team (DART) and dealt with some of the most complex and largest-scale cybersecurity compromises on the planet. Before joining Microsoft as a full-time employee, he was a Microsoft MVP, ran a blog focused on Microsoft Sentinel, and contributed hundreds of open-source KQL queries to the community. He is a die-hard sports fan, especially the NBA and cricket.
