If you've used Microsoft Sentinel, Azure Monitor, or Log Analytics Workspace (LAW) for more than a few minutes, you've inevitably come across the Kusto Query Language, or KQL for short. KQL is the mechanism to pull data out of these repositories for reporting and charting using queries. Users familiar with SQL and Databases will feel right at home with this tool. Analysts who do not have a technical background will struggle though. For as much as Microsoft markets these tools as Low Code and No Code solutions, KQL can be a challenge with a steep learning curve.
Databases and LAWs share much of their DNA, the main difference being LAW as rolling records based on time. This means data within LAW will eventually expire and be discarded. When you need to pull data out of a LAW table, you will need to write a KQL query. If you need some basic data pulled from 1 table, this isn't a huge challenge, but the complexity rises quickly from there. Filtering out data on certain conditions or cross referencing with other tables can be a daunting task. It will require a technical mindset to logically think through the steps that LAW needs to execute in order to correlate the data. For a busy analyst, this is time spent learning how the system works, reading dozens of documentation and syntax pages, and hours worth of testing in order to generate 1 report. The analyst then needs to make sure that the data is there to start with and keep the queries up to date for changing report requirements or schema updates.
The expert team at Senserva helps to address this knowledge gap and build on top of those reports. Our patented solution keeps data current in the LAW, and our focused UI builds custom reports for the time-crunched analyst. The best part is how our team takes care of the KQL for you. Reports are generated by simply selecting your LAW and applying any desired filters with easy selection tools. Our team is able to support your needed reports to your specifications and keeps up with changes as they happen.
Our customer care team at Senserva can help to streamline your reporting needs and build detections & cross reference unique data signals to set you apart from the competition. Contact us today to learn more and schedule a demo.