T6: from zero to kql-hero

Training Details

1-DAY TRAINING, 2 SEPTEMBER @ MEERVAART AMSTERDAM
TICKET PRICE: €900 EX BTW


This highly interactive training will help newcomers to master the Kusto Query Language!

KQL is used in a lot of Microsoft products nowadays, specifically the security products that are part of Microsoft Defender XDR. Getting proficient in this query language is very useful if you work with these products on a regular basis, for example when investigating potential threats, hunting for threats proactively, visualizing data and building your own dashboards.

Course overview

  • We start at level 0 and gradually ramp up to more difficult assignments throughout the day.
  • Get hands-on experience by diving into several challenges. There might be nice giveaways for those who solve them first. Don’t worry if you can’t solve them right away; we will dissect every challenge together and discuss different approaches to help you develop problem-solving skills for future challenges.
  • Learn best practices from the field, including common solution scenarios and optimizing your queries for efficiency.

This training is aimed at anyone working in the (Microsoft) security field with little to no experience with KQL. The only thing you need to bring is your laptop and an appetite to learn something new!


KOOS GOOSSENS


Koos started out as an all-round ‘generalist’, gaining many years of experience working for small businesses by configuring, migrating and troubleshooting Windows environments, private-cloud infrastructure and everything that comes with it, like networking, storage and hypervisors.

Since the end of 2017, his focus has primarily shifted towards Microsoft Azure, and as of late specifically Azure Security and other Microsoft Security products, like Microsoft Sentinel and Defender XDR.

Besides helping with architectural design choices, he also finds it important to be able to build the solutions as well. So, he is no stranger to ARM templates, PowerShell, Git and Azure DevOps Pipelines.

Lately he has been focusing mainly on implementing Microsoft Sentinel and improving Security Operations Centers by helping with the development of new detections and ingesting log sources, as well as applying processes for automatic enrichments and investigations. So, KQL and Azure Logic Apps became two of his new best friends!

He likes to share the challenges he encounters and his solutions in his articles on Medium and in sessions at events. This led to Microsoft awarding him MVP in the Security category in 2023.