Must Learn KQL - the blog series, the book, the video channel, the merch store, the workshop, and much more...
The eBook (PDF) is updated whenever changes are made or new parts of the series are released. Get the book: https://github.com/rod-trent/MustLearnKQL/tree/main/Book_Version
Want a paperback version of the book? You can order a copy from Amazon.com: https://amzn.to/39maJSX - (as with the merch below, all profit goes directly to St. Jude)
There's a YouTube channel for the Must Learn KQL series. My colleague, David Hall, is taking the series and producing follow-along videos: Follow that here: https://youtu.be/rcy2uSMLyqo
Love the series so much you want a coffee mug? There's now a merch store where all proceeds go to St. Jude Children's Research Hospital. Check it out! MUST LEARN KQL STORE
The series has it's own shortlink. To return back here, just remember the easy URL: https://aka.ms/MustLearnKQL
Must Learn KQL is always evolving and updating. Curious about what's new and exciting? Monitor the What's New page
Looking for Advanced topics? Check out the Addicted to KQL series: http://aka.ms/Addicted2KQL
Table of Contents
The following are links to the entire series so far:* Must Learn KQL Part 1: Tools and Resources - Posted November 17, 2021 - Video Edition
* Must Learn KQL Part 2: Just Above Sea Level - Posted November 18, 2021
* Must Learn KQL Part 3: Workflow - Posted November 19, 2021 - Video Edition
* Must Learn KQL Part 4: Search for Fun and Profit - Posted November 22, 2021
* Must Learn KQL Part 5: Turn Search into Workflow - Posted November 29, 2021 - Video Edition
* Must Learn KQL Part 6: Interface Intimacy - Posted December 2, 2021, Updated May 13, 2022 - Video Edition
* Must Learn KQL Part 7: Schema Talk - Posted December 7, 2021 - Video Edition
* Must Learn KQL Part 8: The Where Operator - Posted December 8, 2021 - Video Edition
* Must Learn KQL Part 9: The Limit/Take Operators - Posted December 13, 2021 - Video Edition
* Must Learn KQL Part 10: The Count Operator - Posted December 14, 2021 - Video Edition
* Must Learn KQL Part 11: The Summarize Operator - Posted January 5, 2022 - Video Edition
* Must Learn KQL Part 12: The Render Operator (with Bin and Time) - Posted January 10, 2022 - Video Edition
* Must Learn KQL Part 13: The Extend Operator - Posted January 18, 2022 - Video Edition
* Must Learn KQL Part 14: The Project Operator - Posted January 20, 2022 - Video Edition
* Must Learn KQL Part 15: The Distinct Operator - Posted January 24, 2022 - Video Edition
* Must Learn KQL Part 16: The Order/Sort and Top Operators - Posted January 26, 2022 - Video Edition
* Must Learn KQL Part 17: The Let Statement - Posted February 1, 2022 - Video Edition
* Must Learn KQL Part 18: The Union Operator - Posted February 7, 2022 - Video Edition
* Must Learn KQL Part 19: The Join Operator - Posted February 14, 2022 - Video Edition
* Must Learn KQL Part 20: Building your first Microsoft Sentinel Analytics Rule - Posted February 17, 2022 - Video Edition
Did you complete the entire series?!! Well, congratulations! When you're ready, take the assessment and receive a bona fide certificate!
The assessment is 25 questions taken directly from the Must Learn KQL series. So, you can take advantage of the open book test, or challenge yourself by attempting to pass without help. Based on the honor system, you can miss 5 questions (80%). Once completed, send an email request to [email protected] and request your certificate.
Take the assessment: Must Learn KQL Assessment (https://aka.ms/PassMustLearnKQL)
