MustLearnKQL - The Extend Operator

A demonstration of how to use the KQL Extend operator and integrate it into your workflow.

Cliffnotes

  • Used to create custom views of data to better inform risk
    • Allows you to create custom columns in real-time
      • This custom data is not stored in the database; it is created on the fly at query time
    • Create calculated columns

Basic workflow

  1. What table is the data coming from?
  2. Use Extend to create a new column with a custom name
  3. Insert data into the new column for visualization purposes (not stored)
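
The three workflow steps as one query, added here as an example (it is not from the original page or video). The table name SampleSignIns, its rows, and the risk weights are constructed for illustration; the rows are embedded with datatable so the query runs without a real log source.

```kql
// Constructed sample rows (not real data) standing in for a sign-in log table.
let SampleSignIns = datatable(
    TimeGenerated: datetime, UserPrincipalName: string,
    ResultType: string, IPAddress: string)
[
    datetime(2024-01-10 09:15:00), "alice@example.com", "0",     "203.0.113.10",
    datetime(2024-01-10 23:42:00), "alice@example.com", "50126", "198.51.100.7",
    datetime(2024-01-11 02:05:00), "bob@example.com",   "50126", "198.51.100.7",
    datetime(2024-01-11 14:30:00), "bob@example.com",   "0",     "203.0.113.25"
];
// Step 1: start from the table the data comes from.
SampleSignIns
// Step 2: extend adds a new column with a custom name.
| extend Outcome = iff(ResultType == "0", "Success", "Failure")
// Step 3: calculated columns, built from existing columns at query time.
| extend HourUtc = hourofday(TimeGenerated)
| extend OffHours = HourUtc < 6 or HourUtc >= 20
// A later extend can build on columns created by an earlier one.
// The weights (2 and 1) are hypothetical values chosen for illustration.
| extend RiskPoints = iff(Outcome == "Failure", 2, 0) + iff(OffHours, 1, 0)
| extend RiskLabel = case(RiskPoints >= 3, "High", RiskPoints >= 1, "Medium", "Low")
| project TimeGenerated, UserPrincipalName, IPAddress, Outcome, OffHours, RiskPoints, RiskLabel
| sort by RiskPoints desc
```

Outcome, HourUtc, OffHours, RiskPoints and RiskLabel exist only in this query's result set; the source rows are unchanged, so the same columns must be recomputed each time the query runs.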

Website: www.cyberautomate.io
Twitter: @cyberautomate
https://github.com/cyberautomate