Kusto Gym

By Gianni Castaldi

Welcome to the Kusto Gym.

On your road to becoming a Kusto Knight, there are some exercises to put the theory into action.

Where do we store the data in Kusto?

In the blog post we saw Azure Data Explorer as an example, so for this exercise I want to ask you to go to the Azure Data Explorer demo environment and do the following:

  • What is the display name and the URI of the cluster?
  • What is the name of the database?
  • What is the name of the external table, and the name of the first column?

Answers

  • The display name of the cluster is help and the URI is https://help.kusto.windows.net/
  • The name of the database is Samples
  • The name of the external table is TaxiRides and the first column is trip_Id


Which data types do we have?

In the blog post we saw the different data types in Kusto. For this exercise I want to ask you to go to your Azure Sentinel, and do the following:

  • What is the data type of the TenantId value in the SecurityAlert table?
  • What are all the data types of the SigninLogs table?

If you do not have access to an Azure Sentinel instance, you can also use the Log Analytics Demo environment.

Answers

  • The data type of TenantId is string; read more about the gettype() function

  • To view all the data types of the SigninLogs table I used the getschema operator
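The two answers above written out as queries. This is an added example, not taken from the original post; it assumes a workspace that contains the SecurityAlert and SigninLogs tables (Azure Sentinel or the Log Analytics Demo environment). Run each query separately.

```kusto
// 1. Type of a single column: gettype() returns the runtime type name as a string.
//    take 1 keeps the query cheap; an empty table returns no row.
SecurityAlert
| take 1
| project TenantIdType = gettype(TenantId)

// 2. Every column of a table with its Kusto type.
//    getschema returns ColumnName, ColumnOrdinal, DataType (.NET type) and ColumnType (Kusto type).
SigninLogs
| getschema
| project ColumnOrdinal, ColumnName, ColumnType
| order by ColumnOrdinal asc

// 3. The distinct data types used by the table, with a column count
//    and up to three sample column names per type.
SigninLogs
| getschema
| summarize Columns = count(), SampleColumns = make_list(ColumnName, 3) by ColumnType
| order by Columns desc
```

Query 2 also answers the first exercise without reading any rows: add `| where ColumnName == "TenantId"` to a getschema query on SecurityAlert.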


By Gianni Castaldi

MVP | NinjaCat | Researching and Engineering Cyber Security @ KustoWorks
