In episode 2, we continue learning about data in advanced hunting and how to join tables together. Learn about inner, outer, unique, and semi joins, as well as the nuances of the default Kusto innerunique join.
Episode 3: Summarizing, pivoting, and visualizing data
Now that we’re able to filter, manipulate, and join data, it’s time to start summarizing, quantifying, pivoting, and visualizing. In this episode, we cover the summarize operator and some of the calculations you can perform while diving into additional tables in the advanced hunting schema. We turn our datasets into charts that can help improve analysis.
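The join nuances from episode 2 and the summarize/visualize material from episode 3 are easiest to see on a tiny dataset. The following KQL is an added example written for this post, not a query from the webcast or from Microsoft's documentation. It uses two constructed datatable tables (Logons and Alerts, with made-up hosts and accounts) in place of real advanced hunting tables, so it runs in any Kusto environment without access to a tenant.

```kusto
// Constructed sample data (not real advanced hunting rows).
let Logons = datatable(DeviceName:string, AccountName:string, Timestamp:datetime)
[
    "host1", "alice", datetime(2020-05-01 08:00:00),
    "host1", "alice", datetime(2020-05-01 09:00:00),
    "host2", "bob",   datetime(2020-05-01 10:00:00)
];
let Alerts = datatable(DeviceName:string, AlertTitle:string)
[
    "host1", "Suspicious PowerShell",
    "host3", "Credential dumping"
];
// Query 1: compare how many rows each join kind returns for the same key.
// The default (no kind=) is innerunique: the LEFT table is deduplicated on the
// join key first, so alice's second host1 logon is silently dropped. Use
// kind=inner when every matching row pair matters for an investigation.
union
    (Logons | join Alerts on DeviceName                 | summarize Rows=count() | extend Kind="innerunique (default)"),
    (Logons | join kind=inner      Alerts on DeviceName | summarize Rows=count() | extend Kind="inner"),
    (Logons | join kind=leftouter  Alerts on DeviceName | summarize Rows=count() | extend Kind="leftouter"),
    (Logons | join kind=rightouter Alerts on DeviceName | summarize Rows=count() | extend Kind="rightouter"),
    (Logons | join kind=fullouter  Alerts on DeviceName | summarize Rows=count() | extend Kind="fullouter"),
    (Logons | join kind=leftsemi   Alerts on DeviceName | summarize Rows=count() | extend Kind="leftsemi"),
    (Logons | join kind=leftanti   Alerts on DeviceName | summarize Rows=count() | extend Kind="leftanti")
| project Kind, Rows
// Expected: innerunique 1, inner 2, leftouter 3, rightouter 3, fullouter 4,
// leftsemi 2 (logons that have an alert, no alert columns), leftanti 1 (host2 only).

// Query 2 (run as a separate query, with the same let statements above):
// summarize per device, then turn the result into a chart.
Logons
| summarize Logons=count(), Accounts=dcount(AccountName), FirstSeen=min(Timestamp) by DeviceName
| render barchart
```

The leftanti result is the one hunters reach for most: it lists devices with activity but no alert, which is where unalerted attacker behaviour would sit. The innerunique versus inner difference is the trap the webcast warns about; if you count rows after a default join and the number looks low, re-run with kind=inner before drawing conclusions.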
Episode 4: Let’s hunt! Applying KQL to incident tracking
Time to track some attacker activity! In this episode, we use our improved understanding of KQL and advanced hunting in Microsoft Threat Protection to track an attack. Learn some of the tips and tricks used in the field to track attacker activity, including the ABCs of cybersecurity and how to apply them to incident response.
This webcast series was presented by Michael Melone, Principal Program Manager at Microsoft and resident threat hunter. He started this webcast series with the basics of threat hunting and then continued with more sophisticated techniques in the succeeding episodes. Michael brings more than seven years of threat hunting experience from his time with the Microsoft Detection and Response Team (DART), where he responded to targeted attack incidents and helped our customers become cyber-resilient.
Throughout the series, he was joined by Tali Ash, the feature Program Manager for advanced hunting, who answered all your chat questions and presented some cool additional capabilities in the last episode.
If you have any questions about advanced hunting or if there are specific scenarios or techniques you would like us to demonstrate in future webinars, please don’t hesitate to bring them up here in our Tech Community.
Also, sharing is caring! Now that you've become a hunting ninja, please share your hunting queries with the community at https://aka.ms/hunting-queries.