Easy Way to Build KQL Query Templates for Azure Services
KQL'ing is chic
If you want KQL queries to monitor general Azure services, there’s actually a pretty easy, quick way to build them. This is not a hidden feature, by any means, but probably (for some of you) something that you’ve overlooked hundreds of times.
In the Azure portal, when you access a number of Azure services, there’s an Open Query option.
When you access this option, you’re taken to Azure Resource Graph Explorer and a KQL query is auto-build for you for that specific service. You can use this query as offered or grab it to use as a template for building a query to produce other results that you want.
P.S. Not all Azure services have this option. Only those that utilize Azure Graph for information. You can go to the All Services pane in Azure to check the specific services.
[Want to discuss this further? Hit me up on Twitter or LinkedIn]
[Subscribe to the RSS feed for this blog]
[Subscribe to the Weekly Microsoft Sentinel Newsletter]
[Subscribe to the Weekly Microsoft Defender Newsletter]
[Learn KQL with the Must Learn KQL series and book]