
As organizations adopt multi-cloud and hybrid cloud architectures, they need tools and methods that let them proactively identify vulnerabilities, enforce security policies, and respond quickly to threats. One of the foremost difficulties for security teams today is the sheer volume of findings that emerge on a daily basis: many security issues demand resolution, and the resources available are consistently insufficient to address them all. The query explorers offered by most CSPM tools give security professionals a powerful way to gain deep insight into their cloud configurations, activities, and the relationships between resources. Query explorers are also extremely useful in threat hunting, where they are used to investigate and uncover security threats within an organization's cloud environment. In this chapter, we will explore the roles that query explorers and threat hunting play in the CSPM landscape. We will also look at graph explorers, which visualize attack paths as chains of related resources, and at one of the most popular query languages used by these tools, Kusto Query Language (KQL).

This chapter will cover the following:

  • Query explorer and attack paths overview
  • KQL basics in the context of CSPM tools
  • Best practices for effective investigation
  • Lessons learned from threat investigation

Let’s get started!