About the Book
Must Learn KQL - the blog series, the book, the video channel, the merch store
After hearing that our customers' largest barrier to using things like Defender, Microsoft Sentinel, and even reporting for Microsoft Intune is KQL - the query language - that was a wake-up call for me. And, of course, (if you know me) I wanted to do something about it.
So, the Must Learn KQL learning was born.
KQL is a beautifully simple query language to learn. And believe me - if I can learn it, there's no question that anyone can learn it. After hearing that from our customers and after researching and finding a true lack of knowledge resources around KQL, I felt bad because I had taken for granted that everyone already had the proper resources to become proficient. But that was not the case.
Internally, plans are in development to make KQL learning a bigger focus and you'll see new education around this query language start to take shape in various areas on the Microsoft properties and elsewhere. So, that's good news for everyone.
For many already, this book has changed their life. In just 20 chapters, it took them from zero knowledge to becoming addicted to this easy-to-learn query language that is a necessary skill for anyone working with data in the cloud. Whether you are a data scientist or versed in cybersecurity, understanding KQL is a necessity.
KQL is the new PowerShell. It's that important.
This book is a solid introduction to KQL, filled with discussion, explanations, query samples, and hands-on activities supplied through a demo environment anyone can access.
The book takes a logical, methodical approach to learning. Each chapter builds on the one before it. And while this book is focused on security and cybersecurity, the concepts here are necessary building blocks for gaining a good grasp of the query language for any use. And there's even a completion certificate that can be requested once the work is complete!
The TOC:
- Chapter 1: Tools and Resources
- Chapter 2: Just Above Sea Level
- Chapter 3: Workflow
- Chapter 4: Search for Fun and Profit
- Chapter 5: Turn Search into Workflow
- Chapter 6: Interface Intimacy
- Chapter 7: Schema Talk
- Chapter 8: The Where Operator
- Chapter 9: The Limit/Take Operators
- Chapter 10: The Count Operator
- Chapter 11: The Summarize Operator
- Chapter 12: The Render Operator (with Bin and Time)
- Chapter 13: The Extend Operator
- Chapter 14: The Project Operator
- Chapter 15: The Distinct Operator
- Chapter 16: The Order/Sort and Top Operators
- Chapter 17: The Let Statement
- Chapter 18: The Union Operator
- Chapter 19: The Join Operator
- Chapter 20: Building your first Microsoft Sentinel Analytics Rule
The series has its own short link where you'll always find the most current version of the book, the query examples - everything. To get there, just remember the easy URL: https://aka.ms/MustLearnKQL
Looking for Advanced topics? Check out the Addicted to KQL series: http://aka.ms/Addicted2KQL
Did you complete the book?!! Well, congratulations! When you're ready, take the assessment and receive a bona fide certificate!
The assessment is 25 questions taken directly from the Must Learn KQL series. So, you can take advantage of the open book test, or challenge yourself by attempting to pass without help. Based on the honor system, you can miss 5 questions (80%). Once completed, send an email request to MustLearnKQL@sixmilliondollarman.onmicrosoft.com and request your certificate.
Take the assessment:
https://cda.ms/4hh