Must Learn KQL Now Available from Amazon

The Must Learn KQL series has been a success with over 700 completion certificates delivered so far and many thousands more who have gone through the course or still progressing through. I fully expect to see over 1,000 certificates delivered soon. And this has all been through just word of mouth and focused directly on … Continue reading Must Learn KQL Now Available from Amazon →

The Microsoft Security Insights Podcast is Coming to Microsoft Reactor

For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues to grow. Not only is the listener audience in an exploding growth spurt, but there are many security experts coming out of the woodwork asking to come on the … Continue reading The Microsoft Security Insights Podcast is Coming to Microsoft Reactor →

Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs

The Addicted to KQL series is an ongoing, advanced series for KQL. For beginning topics don't start here. Instead, see the original Must Learn KQL series. The series TOC along with the currently completed chapters, sample queries, series images, and even the series eBook will always be located at the following shortlink: https://aka.ms/Addicted2KQL ======================= I have a … Continue reading Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs →

Take the Assessment, Get Your Must Learn KQL Certificate

The Must Learn KQL series has reached its completion, but that doesn't mean it's over. In March, I'll kick off the next step in KQL learning in an advanced series called Addicted to KQL. For those just catching on, the Must Learn KQL series has educated close to 5,000 people since it started in November … Continue reading Take the Assessment, Get Your Must Learn KQL Certificate →

Must Learn KQL Part 20: Building Your First Microsoft Sentinel Analytics Rule

This post is part of an ongoing series to educate about the simplicity and power of the Kusto Query Language (KQL). If you’d like the 90-second post-commercial recap that seems to be a standard part of every TV show these days… The full series index (including code and queries) is located here: https://aka.ms/MustLearnKQL The book … Continue reading Must Learn KQL Part 20: Building Your First Microsoft Sentinel Analytics Rule →

The Unified Microsoft Sentinel and Microsoft 365 Defender Repository

As product and services always to continue to align its great to see movement in areas that provide pure value. The Microsoft Sentinel GitHub repository has now made room to house Microsoft 365 Defender Hunting queries. KQL is the tie that binds these two security services, and because of that, Hunting queries for Microsoft 365 … Continue reading The Unified Microsoft Sentinel and Microsoft 365 Defender Repository →

Must Learn KQL Part 18: The Union Operator

Update on the Must Learn KQL Series

Since November, I've delivered many pages worth of KQL learning through the Must Learn KQL series. The series has reached heights I never expected and the impact for our customers and for our security products has been incredible. Thanks to everyone for your participation and engagement! I've mentioned this in passing in social network situations, … Continue reading Update on the Must Learn KQL Series →

Must Learn KQL Part 17: The Let Statement

And now…the Must Learn KQL Video series!

Imagine my surprise how popular and far-reaching the Must Learn KQL education series has gotten. I started a blog series about something I knew was important and just hoped -HOPED- someone else would also understand the importance. It's truly taken on a life of itself. I've been invited to speak about it several times already … Continue reading And now…the Must Learn KQL Video series! →