I'm happy to share...
A cross-platform web interface for Microsoft's Kusto Emulator. Develop KQL queries, experiment with graph semantics, and build Kusto applications locally — without provisioning Azure resources or incurring cluster costs.
The Problem
Microsoft's Kusto Emulator brings the full KQL engine to your laptop as a Docker container — but it ships without any user interface. Today, your options are Kusto.Explorer (Windows-only desktop app requiring manual connection string editing), the Kusto CLI, or raw SDK calls. There is no cross-platform, browser-based way to work with the emulator.
If you are building Kusto applications, developing KQL queries for Azure Data Explorer, Microsoft Sentinel, Microsoft Fabric Eventhouse, or Defender XDR, you currently need either a live Azure cluster (with associated costs) or the limited free cluster to iterate on your work.
Kustainer UI fills this gap.
What Kustainer UI Provides
A familiar, browser-based development environment that runs alongside the Kusto Emulator on any platform — Linux, macOS, or Windows. One docker compose up gives you a full KQL workbench with a Monaco editor, database browser, results grid, and chart rendering.
A KQL graph semantics playground. KQL's graph-match, graph-shortest-paths, and make-graph operators are among the most powerful features in the Kusto platform, and Microsoft is investing heavily in graph analytics across ADX, Sentinel, and Fabric. Kustainer UI lets you develop and visualise graph queries locally with interactive D3 force-directed layouts, before deploying them to production clusters.
A complete, working application built on Kusto. Rather than shipping an empty shell, Kustainer UI includes a fully realised security posture analysis application that demonstrates what you can build when you combine KQL's analytics engine with its graph operators. This security use case serves as both a reference architecture and a genuinely useful tool.
The included security application can harvest identity and infrastructure data from your Azure tenant, map relationships in an interactive graph, analyse blast radius and attack paths using the Kusto engine's native graph operators, and surface findings through pre-built reports — all running locally on your own hardware. Your data never leaves your network.
The full source code is available at https://github.com/LaurieRhodes/kustainer-ui
- Log in to post comments