Adx
Definition
Azure Data Explorer (ADX) is a cloud-based data analytics platform that helps you search and analyze large amounts of log data very quickly. It is designed for scenarios where many events are being collected every second, such as network logs, authentication logs, web traffic data, or system activity inside a company.

In cybersecurity investigations, analysts use ADX to sift through these logs to look for unusual behavior, patterns, or signs of an attack. ADX stores data in tables and allows analysts to write queries to filter, sort, group, and connect information across different sources.

ADX uses the Kusto Query Language (KQL), the same query language used by many Microsoft security products. KC7 uses ADX so players can practice real investigative skills in a realistic environment.

**Example question**

How many failed logins came from a single IP address?

**Example KQL query**

```
AuthenticationEvents
| where ResultType == "Failed"
| summarize count() by src_ip
| top 5 by count_
```

**Why defenders use it**

* It can search millions of events in seconds
* It helps analysts timeline and scope security incidents
* It supports fast, iterative investigation as new clues appear
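The "group" and "connect information across different sources" steps from the definition, as an added example that is not KC7's own content: it scopes failed logins per source IP, finds the first successful login from that IP, and joins in web activity from a second table. The rows are constructed, and the `timestamp`, `username` and `url` columns and the `WebRequests` table are assumed names; only `AuthenticationEvents`, `ResultType` and `src_ip` come from the query above.

```kql
// Constructed sample data so the query runs without any real tables.
// Assumed names: timestamp, username, url, WebRequests.
let AuthenticationEvents = datatable(timestamp:datetime, username:string, src_ip:string, ResultType:string)
[
    datetime(2024-01-10 09:00:05), "alice", "203.0.113.7",   "Failed",
    datetime(2024-01-10 09:00:09), "bob",   "203.0.113.7",   "Failed",
    datetime(2024-01-10 09:00:14), "carol", "203.0.113.7",   "Failed",
    datetime(2024-01-10 09:07:41), "carol", "203.0.113.7",   "Success",
    datetime(2024-01-10 09:03:30), "dave",  "198.51.100.20", "Failed",
    datetime(2024-01-10 09:04:02), "dave",  "198.51.100.20", "Success"
];
let WebRequests = datatable(timestamp:datetime, src_ip:string, url:string)
[
    datetime(2024-01-10 09:08:10), "203.0.113.7", "/mail/inbox",
    datetime(2024-01-10 09:09:55), "203.0.113.7", "/mail/export"
];
// Group: one row per source IP with failure volume, account spread and key times.
AuthenticationEvents
| summarize failed_logins  = countif(ResultType == "Failed"),
            accounts_tried = dcountif(username, ResultType == "Failed"),
            first_failure  = minif(timestamp, ResultType == "Failed"),
            first_success  = minif(timestamp, ResultType == "Success")
        by src_ip
| where failed_logins > 0
// Connect: bring in web activity seen from the same source IP.
| join kind=leftouter (
    WebRequests
    | summarize web_requests = count(), first_request = min(timestamp) by src_ip
  ) on src_ip
| project src_ip, failed_logins, accounts_tried, first_failure, first_success,
          web_requests, first_request
| sort by failed_logins desc
```

A source with no matching rows in `WebRequests` keeps its row with empty `web_requests` and `first_request`, because the join is `leftouter`.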