After hearing that our customers' largest barrier to using things like Defender, Microsoft Sentinel, and even reporting for Microsoft Intune is KQL - the query language - that was a wake-up call for me. And, of course, (if you know me) I wanted to do something about it.
So, the Must Learn KQL learning was born. KQL is a beautifully simple query language to learn. And believe me - if I can learn it, there's no question that anyone can learn it. After hearing that from our customers and after researching and finding a true lack of knowledge resources around KQL, I felt bad because I had taken for granted that everyone already had the proper resources to become proficient. But that was not the case.
Internally, plans are in development to make KQL learning a bigger focus and you'll see new education around this query language start to take shape in various areas on the Microsoft properties and elsewhere. So, that's good news for everyone.
For many already, this book has changed their life. In just 20 chapters, it took them from zero knowledge to becoming addicted to this easy-to-learn query language that is a necessary skill for anyone working with data in the cloud. Whether you are a data scientist or versed in cybersecurity, understanding KQL is a necessity. KQL is the new PowerShell. It's that important. This book is a solid introduction to KQL, filled with discussion, explanations, query samples, and hands-on activities supplied through a demo environment anyone can access. The book takes a logical, methodical approach to learning. Each chapter builds on the next. And while this book is focused on security and cybersecurity, the concepts here are necessary building blocks for gaining a good grasp of the query language for any use. And there's even a completion certificate that can be requested once the work is complete.
The TOC:
Chapter 1: Tools and Resources
Chapter 2: Just Above Sea Level
Chapter 3: Workflow
Chapter 4: Search for Fun and Profit
Chapter 5: Turn Search into Workflow
Chapter 6: Interface Intimacy
Chapter 7: Schema Talk
Chapter 8: The Where Operator
Chapter 9: The Limit/Take Operators
Chapter 10: The Count Operator
Chapter 11: The Summarize Operator
Chapter 12: The Render Operator (with Bin and Time)
Chapter 13: The Extend Operator
Chapter 14: The Project Operator
Chapter 15: The Distinct Operator
Chapter 16: The Order/Sort and Top Operators
Chapter 17: The Let Statement
Chapter 18: The Union Operator
Chapter 19: The Join Operator
Chapter 20: Building your first Microsoft Sentinel Analytics Rule
The series has its own short link where you'll always find the most current version of the book, the query examples - everything. To get there, just remember the easy URL: https://aka.ms/MustLearnKQL