Blog Post

Microsoft Sentinel Blog

4 MIN READ

Advanced KQL Framework Workbook - Empowering you to become KQL-savvy

Microsoft

Dec 16, 2021

Kusto Query Language (KQL) is the language used in Microsoft Sentinel to perform search, analysis, write detection rules and visualise data in Workbooks. The language is also widely used in Azure wit...

Updated Dec 16, 2021

Version 1.0

JeremyTan

Microsoft

Joined September 26, 2018

View Profile

Microsoft Sentinel Blog

Microsoft Sentinel is an industry-leading SIEM & AI-first platform powering agentic defense across the entire security ecosystem.

JeremyTan

Microsoft

Dec 18, 2021

Hi Brok3NSpear ,

If you still not seeing it in your environment and would like to give it a try, you can use the json file below to deploy it manually. Thanks

Azure-Sentinel/AdvancedKQL.json at master · Azure/Azure-Sentinel (github.com)