This manual contains my polished notes on KQL. I attempted enchancing all the operators with examples to provide more context.
Many of the examples used in the manual don't make too much sense or add any value in terms of threat hunting but where used to showcase the operators.
If you spot an issue or incorrect understanding of an operator let me know on Twitter SecGroundZero