MODULE 16
Elastic Stack for Hunters
Using Kibana (KQL) to visualize and hunt through massive datasets.
Kibana Query Language
KQL (Kibana Query Language) is the query syntax Kibana uses to filter documents stored in Elasticsearch: each term names a field and the value it must hold, and terms are combined with AND, OR and NOT. The two hunting queries below are typical of the module.
process.name: "powershell.exe" AND process.command_line: *-enc*
event.code: 4624 AND winlog.event_data.LogonType: 3
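As an added example that is not part of the course module, here is a small Python evaluator for the subset of KQL these two queries use (field:value terms, quoted values, wildcards, AND/OR/NOT), run over constructed ECS-style events so you can see which documents each hunt would surface. `EVENTS`, `hunt` and the matching rules are assumptions of this example; wildcards are matched against the whole stored value, whereas Kibana applies them per analyzed token on text fields.

```python
import fnmatch
import re

# Constructed ECS-style events (not real telemetry), one flattened document each.
EVENTS = [
    {"host.name": "ws01", "process.name": "powershell.exe",
     "process.command_line": "powershell.exe -nop -w hidden -enc QQBBAEEAQQA="},
    {"host.name": "ws02", "process.name": "powershell.exe",
     "process.command_line": "powershell.exe -File C:\\ops\\backup.ps1"},
    {"host.name": "srv01", "event.code": 4624, "user.name": "svc-backup",
     "winlog.event_data.LogonType": 3},
    {"host.name": "srv01", "event.code": 4624, "user.name": "alice",
     "winlog.event_data.LogonType": 2},
    {"host.name": "srv02", "event.code": 4625, "user.name": "bob",
     "winlog.event_data.LogonType": 3},
]

# One KQL term: field, colon, then a quoted phrase or a bare token (may hold *).
_TERM = re.compile(r'^([\w.]+)\s*:\s*(?:"([^"]*)"|(\S+))$')


def _match_term(term, event):
    """Evaluate one term, optionally prefixed with NOT, against one event."""
    term = term.strip()
    if term[:4].upper() == "NOT ":
        return not _match_term(term[4:], event)
    m = _TERM.match(term)
    if not m:
        raise ValueError(f"unsupported KQL term: {term!r}")
    field, quoted, bare = m.groups()
    if field not in event:
        return False  # a missing field never matches, as in Elasticsearch
    value = str(event[field])
    if quoted is not None:
        return value == quoted  # quoted value: exact match
    if "*" in bare:
        # Simplification: wildcard applied to the whole stored value, not per token.
        return fnmatch.fnmatchcase(value, bare)
    return value == bare


def kql_match(query, event):
    """Subset of KQL: terms joined by AND / OR, AND binds tighter, no parentheses."""
    for clause in re.split(r"\s+OR\s+", query, flags=re.IGNORECASE):
        terms = re.split(r"\s+AND\s+", clause, flags=re.IGNORECASE)
        if all(_match_term(t, event) for t in terms):
            return True
    return False


def hunt(query, events=EVENTS):
    # Return the documents Kibana's Discover view would list for this query.
    return [e for e in events if kql_match(query, e)]
```

The first page query surfaces only the host where PowerShell ran with an encoded command; the second returns only the network (type 3) logon, since events lacking `event.code` never match.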