Dom Lutz
Dom Lutz is a security engineer with experience in manufacturing, government, retail, healthcare, and higher education. His current areas of focus are incident response and threat/vulnerability management.
Session
If you've worked with Microsoft security tools in the last few years, you've probably come across references to Kusto Query Language (KQL) - the backbone of querying and analysis in tools like Defender and Sentinel. While attending this talk won't make somebody an expert, the hope is that it might save them some time and prevent headaches during their next investigation. This talk will cover high-level info such as:
- Important aspects of the Defender and Sentinel data schemas
- Query structure and examples
- Methods of data analysis in KQL
- Use cases, aka how to make your coworkers go "Wait, how did you get that data?"
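As an added illustration of the query structure and analysis methods the outline refers to (this is not a query from the talk itself), the following KQL runs against the Defender advanced-hunting table DeviceProcessEvents, which exposes columns such as Timestamp, DeviceName, AccountName, FileName and ProcessCommandLine. It walks the typical pipeline shape: pick a table, filter rows, aggregate, filter the aggregate, then shape the output. The process names, command-line tokens and the threshold of 5 are assumed values chosen for the example, not recommendations from the speaker.

```kql
// Added example, not from the original session description.
// Starts from the Defender DeviceProcessEvents table, narrows to the last 7 days,
// then aggregates per device and account. The filter values are assumptions.
DeviceProcessEvents
| where Timestamp > ago(7d)                                        // time-bound first: cheapest filter
| where FileName in~ ("powershell.exe", "pwsh.exe")               // case-insensitive membership test
| where ProcessCommandLine has_any ("-enc", "-EncodedCommand")    // term match on the command line
| summarize Executions = count(),
            FirstSeen  = min(Timestamp),
            LastSeen   = max(Timestamp)
          by DeviceName, AccountName                               // one row per device/account pair
| where Executions > 5                                             // threshold on the aggregate (assumed value)
| project DeviceName, AccountName, Executions, FirstSeen, LastSeen // choose and order output columns
| order by Executions desc
```

The same shape (table, `where`, `summarize ... by`, `where` on the aggregate, `project`) carries over to Sentinel tables such as SecurityEvent or SigninLogs; only the table and column names change, which is why the schema is worth learning alongside the operators.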
This talk is focused specifically on KQL, but the use cases and general concepts transfer to most other security tools that let you query raw data. After all, it doesn't matter whether it's SQL, AQL, SPL, FQL, SPARQL, or some query language no one has ever heard of; what matters is that we get the data we need.