Update on the Must Learn KQL Series

Since November, I’ve delivered many pages worth of KQL learning through the Must Learn KQL series. The series has reached heights I never expected and the impact for our customers and for our security products has been incredible. Thanks to everyone for your participation and engagement!

I’ve mentioned this in passing in social network situations, but not yet made a more formal proposal of the future of the series and KQL learning as part of this extraordinary project.

I recently updated the TOC for the Must Learn KQL series. This preliminary series will end at part/chapter 20. I did this for a couple reasons:

  1. The original goal of the series (to provide a good introduction to KQL for Microsoft Sentinel) will have been reached. The series is and will continue to be a success – no question.
  2. I originally thought I’d build this series out indefinitely and just keep adding on with new and more advanced concepts – but some of the topics really deserve a series of their own.

So, based on the series’ success on reaching the goal and needing to push beyond that original goal, there will be an advanced series. Shortly after the Must Learn KQL series is compete, I’ll be kicking off the Addicted to KQL series. Addicted to KQL is the advanced learning. Planning has begun and the new series already has its placeholder framework at: https://aka.ms/Addicted2KQL

And, of course, already has its super, extra-cool series branding…

Advanced KQL series

Addicted to KQL will be a bit different than the original series. While I personally drove and wrote the entire first series myself, I will be working with collaborators for the second series. My collaborators will include other Microsoft folks, MVPs, and others. The goal is to deliver a true community collaborative learning path for advanced KQL topics.

But wait! That’s not all for the original series:

I’m in talks next week with the product team to make the Must Learn KQL series an official part of the Microsoft Sentinel documentation, I’m currently working on completing (before the series is done) and actual Ninja assessment and certificate, and I’ll be working in the near future to turn the series into an official Microsoft Learn module. Who knows? Maybe some of it will end up as questions on an updated certification exam. <wink, wink>

And don’t worry, the original series will live on and continually be updated when necessary, so that it’s always the best and easiest method to get your security-minded colleagues up-to-speed.

So…lots of cool stuff planned. Thanks again for coming alongside. As always, any thoughts, comments, concerns, or suggestions hit me up on Twitter at @rodtrent or on LinkedIn.

KQL is life!


[Want to discuss this further? Hit me up on Twitter or LinkedIn]

[Subscribe to the RSS feed for this blog]

[Subscribe to the Weekly Microsoft Sentinel Newsletter]

[Subscribe to the Bi-Weekly Defender for Cloud Newsletter]

[Learn KQL with the Must Learn KQL series and book]


Leave a Reply