On-demand webcast series: “Tracking the adversary”
Published Aug 10 2020 01:20 PM 11.8K Views

Thanks to everyone who joined us throughout these epic four episodes of “Tracking the adversary”. We had lots of attendees and received overwhelming feedback!


Don’t worry if you missed any of the episodes. All webcasts have been recorded, so it’s not too late to become an expert in hunting for threats with advanced hunting in Microsoft Threat Protection.


You can watch all four episodes on demand:




Download MP4

Watch on YouTube

Episode 1: KQL fundamentals

In the first episode, we cover the basics of advanced hunting capabilities in Microsoft Threat Protection (MTP). Learn about available advanced hunting data and basic KQL syntax and operators.



Episode 2: Joins

In episode 2, we continue learning about data in advanced hunting and how to join tables together. Learn about inner, outer, unique, and semi joins, as well as the nuances of the default Kusto innerunique join.



Episode 3: Summarizing, pivoting, and visualizing data

Now that we’re able to filter, manipulate, and join data, it’s time to start summarizing, quantifying, pivoting, and visualizing. In this episode, we cover the summarize operator and some of the calculations you can perform while diving into additional tables in the advanced hunting schema. We turn our datasets into charts that can help improve analysis.



Episode 4: Let’s hunt! Applying KQL to incident tracking

Time to track some attacker activity! In this episode, we use our improved understanding of KQL and advanced hunting in Microsoft Threat Protection to track an attack. Learn some of the tips and tricks used in the field to track attacker activity, including the ABCs of cybersecurity and how to apply them to incident response.




This webcast series was presented by Michael Melone, Principal Program Manager at Microsoft and resident threat hunter. He started this webcast series with the basics of threat hunting and then continued with more sophisticated techniques in succeeding episode. Michael brings more than seven years of threat hunting experience from his time with Microsoft Detection and Response Team (DART), where he responded to targeted attack incidents and helped our customers become cyber-resilient.


Throughout the series, he was joined by Tali Ash, the feature Program Manager for advanced hunting, who answered all your chat questions and presented some cool additional capabilities in the last episode.


If you have any questions about advanced hunting or if there are specific scenarios or techniques you would like us to demonstrate in future webinars, please don’t hesitate to bring them up here in our Tech Community.


Also, sharing is caring! Now that you've become a hunting ninja, please share your hunting queries with the community at https://aka.ms/hunting-queries.


For more information about existing and future webcasts, visit: https://aka.ms/securitywebinars



Version history
Last update:
‎Dec 23 2021 10:43 AM
Updated by: