Avatar for GeoCyber Systems LLC

KQL for Data and Security Professionals

About Event

📅 Tuesday, August 4, 2026
⏰ 7:30 – 9:00 AM PT | 10:30 AM – 12:00 PM ET | 2:30 – 4:00 PM GMT | 3:30 – 5:00 PM WAT | 8:00 – 9:30 PM IST
📺 YouTube Livestream

This is Session 5 and the closing session of the Microsoft Fabric Location Intelligence & Security User Group Data Days series, running June through August 2026. 🎙️

KQL is one of the most practical and immediately useful skills you can add to your toolkit in 2026. It is the query language of Microsoft Sentinel, Microsoft Defender, Microsoft Fabric Real-Time Intelligence, and Eventhouse, and it is rapidly becoming a shared language across data engineering, security operations, and AI workloads.

​This session is designed for both communities. If you come from a data background, you will learn how KQL extends what you already know. If you come from a security background, you will see how KQL scales beyond threat hunting into operational analytics and business intelligence. And if you attended Win in the Seams on July 25, this session goes deeper on the technical foundations introduced there.


WHAT THIS SESSION COVERS

KQL is not just a security tool or just a data tool. It is the connective language between real-time signals, telemetry, logs, and decisions, and this session shows both communities how to use it across the full Microsoft ecosystem.


​YouTube Livestream:

📋 TOPICS

🟣 KQL Foundations for Both Communities
• What KQL is and how it differs from SQL: syntax, philosophy, and use cases
• Why KQL is optimized for time-series, telemetry, and event data
• Core KQL operators every practitioner needs: where, summarize, extend, project, join, render
• Reading and writing KQL queries from scratch: a practical walkthrough
• How Copilot and natural language can help you write and interpret KQL queries in Fabric
• KQL versus SQL: when to use each inside Microsoft Fabric

🟢 KQL in Microsoft Fabric Real-Time Intelligence
• What Eventhouse is and how KQL databases are structured inside Fabric
• Ingesting streaming data into Eventhouse: Eventstreams, APIs, and connectors
• Querying real-time and historical data with KQL inside a Fabric workspace
• Building Real-Time Dashboards powered by KQL queries
• Eventhouse remote MCP: enabling AI agents to query real-time data using natural language and KQL
• Business events flowing automatically into Eventhouse for KQL analysis
• Anomaly detection running directly on live time-series and event datasets in Eventhouse
• Workspace monitoring: tracking Eventstream health, throughput, and errors using KQL tables

🟠 KQL for Security Professionals
• KQL in Microsoft Sentinel: hunting, detection rules, and incident investigation
• KQL in Microsoft Defender: endpoint telemetry and threat analytics
• Common security KQL patterns: login anomalies, privilege escalation, lateral movement, data exfiltration
• Building custom detection rules and watchlists using KQL
• Correlating identity signals from Entra ID with security telemetry using KQL
• SC-200 and SC-500 certification contexts where KQL skills are directly tested

🔵 KQL for Data Professionals
• Using KQL to analyze operational telemetry alongside business data in Fabric
• Geospatial and location signals as KQL inputs: correlating event data with location context
• Joining security logs with business data to surface operational intelligence
• How KQL queries power both security detection and business analytics on the same data
• Eventhouse as the connective layer between security logs and OneLake business data
• Turning events into decisions before the window closes: practical patterns for data engineers

🩷 Live Query Demonstrations
• Writing and running KQL queries live against a Fabric Eventhouse
• A security hunting query built and explained step by step
• A business analytics query using the same KQL patterns applied to operational data
• Using Copilot to generate and refine KQL queries in Real-Time Intelligence
• Resources for going deeper: KQL learning path on Microsoft Learn, SC-200 and DP-700 study materials, and community channels


👥 WHO SHOULD ATTEND

​This session is for anyone who works with data, logs, telemetry, or real-time signals in the Microsoft ecosystem, including:

✅ Data Engineers and Analytics Engineers working with Real-Time Intelligence
✅ Security Analysts and SOC Engineers using Microsoft Sentinel or Defender
✅ Fabric Architects designing event-driven and real-time analytics solutions
✅ Governance and Compliance professionals working with audit logs and telemetry
✅ Anyone preparing for SC-200, SC-500, DP-700, or DP-800 certification
✅ Anyone who attended Win in the Seams on July 25 and wants to go deeper

No prior KQL experience required. 🛠️


📺 FORMAT

Interactive YouTube livestream with full replay available after the event. This session includes live query demonstrations and Q&A. Come with your KQL questions; beginners and experienced practitioners are both welcome.


​ℹ️ ABOUT THIS SERIES

​This is the closing session of the Microsoft Fabric Location Intelligence & Security User Group Data Days series, a set of focused 90-minute sessions running June through August 2026 on YouTube.

Series arc:
• June 23: Location Intelligence with Maps and GeoAnalytics in Microsoft Fabric
• June 30: Get to Know Esri: From Living Atlas to Spatial Analysis for Fabric Users
• July 7: Data and AI Security and Governance in Microsoft Fabric
• July 21: Fabric IQ for Data Professionals
• August 4: KQL for Data and Security Professionals

​The Microsoft Fabric Location Intelligence & Security User Group is not affiliated with or run by the Microsoft Fabric Community or the Fabric User Group Network.
