
Do you want to proactively hunt for threat activity like an expert? Then don’t miss our upcoming webinar series, “Tracking the adversary”!

Michael Melone, Principal Program Manager at Microsoft and resident threat hunter, will start with the basics of threat hunting and cover more advanced techniques throughout the series. Our hope is that you’ll come out of this a rock star in advanced hunting and Kusto Query Language (KQL).

Michael brings more than seven years of threat hunting experience from his time with Microsoft Detection and Response Team (DART), where he responded to targeted attack incidents and helped our customers become cyber-resilient.


The details of the series are below. You can register to get a calendar invite at this registration link.   

| Go-live date | Webinar description |
| --- | --- |
| July 15th | Microsoft Threat Protection – Tracking the adversary, episode 1: KQL fundamentals. In the first episode, we will cover the basics of advanced hunting capabilities in Microsoft Threat Protection (MTP). Learn about available advanced hunting data and basic KQL syntax and operators. The best part? No slides! |
| July 22nd | Microsoft Threat Protection – Tracking the adversary, episode 2: Joins. In episode 2, we will continue learning about data in advanced hunting and how to join tables together. Learn about inner, outer, unique, and semi joins, as well as the nuances of the default Kusto innerunique join. Make Edgar F. Codd proud! |
| July 29th | Microsoft Threat Protection – Tracking the adversary, episode 3: Summarizing, pivoting, and visualizing Data. Now that we’re able to filter, manipulate, and join data, it’s time to start summarizing, quantifying, pivoting, and visualizing. In this episode, we will cover the summarize operator and some of the various calculations you can perform while diving into additional tables within MTP. We will turn our datasets into charts that can help improve analysis. |
| August 5th | Microsoft Threat Protection – Tracking the adversary, episode 4: Let’s hunt! Applying KQL to incident tracking. Time to track some attacker activity! In this episode, we will use our improved understanding of KQL and advanced hunting in Microsoft Threat Protection to track an attack. Learn some of the tips and tricks used in the field to track attacker activity, including the ABCs of cybersecurity and how to apply them to incident response. |


We hope to see you!
