# Useful Resources 🔦

I started to learn KQL in Summer 2020. I had just quit my long-term job and collected two months of vacation. The beginning of my vacation was OK, but I found I was bored shortly after and needed to learn something new. So I found KQL!

KQL is so powerful and interesting, and I use it almost every day.

Where and how did I start to learn this? Here is my list of where I began.

* Pluralsight: [Kusto Query Language (KQL) from Scratch by Robert Cain](https://app.pluralsight.com/library/courses/kusto-query-language-kql-from-scratch/table-of-contents)

### Blogs

* Blog: [MSEndpointMgr.com](https://msendpointmgr.com/tag/log-analytics/)
* Blog: [Become a KQL Ninja by Huy Kha](https://identityandsecuritydotcom.wordpress.com/2020/08/07/become-a-kql-ninja/)
* Blog: [Kusto King by Gianni Castaldi](https://www.kustoking.com/kusto-knight/)
* Blog: [Azure Cloud & AI Domain Blog](https://azurecloudai.blog/)
* Blog: [Must Learn KQL by Rod Trent](https://aka.ms/MustLearnKQL)
* Blog: [CloudSMA by Billy York](https://www.cloudsma.com/)
* Blog: [Microsoft Sentinel 101](https://learnsentinel.blog/)

### GitHub

* GitHub: [Microsoft 365 Defender - Resource Hub by Alex Verboon](https://github.com/alexverboon/MDATP/blob/master/README.md)
* GitHub: [awesome-kql-sentinel](https://github.com/reprise99/awesome-kql-sentinel)

### Microsoft Official Doc

* Microsoft Doc: [Log Analytics tutorial](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-tutorial)
* Microsoft Doc: [Log queries in Azure Monitor](https://docs.microsoft.com/en-us/azure/azure-monitor/logs/log-query-overview)

### Twitter

* Twitter: [The #365daysofkql hashtag by Matt Zorick](https://twitter.com/hashtag/365daysofkql)

### Community event

* [KQL Cafe](https://kqlcafe.github.io/website/)

## Workbook

Azure Monitor workbooks provide rich visual reports in the Azure portal and give you a real-time, interactive experience. In addition, workbooks can query data from multiple sources within Azure and combine that data into a single report.

Here is my collection of where I began learning to create my first workbook:

* Blog: [Azure Sentinel Workbooks 101 by Scott Muniz](https://www.drware.com/azure-sentinel-workbooks-101-with-sample-workbook/)
* Video: [How to build Azure Workbooks using logs and parameters | Azure Portal Series](https://www.youtube.com/watch?v=EC7n1Oo6D-o)
* Blog: [Azure Automation Update Management Workbook by Billy York](https://www.cloudsma.com/2019/06/azure-automation-update-management-workbook/)
* Blog: [Using Azure Monitor Workbooks to document your Azure resources by Mathieu Buisson](https://mathieubuisson.github.io/azure-workbooks-inventory-resources/)
* Microsoft Doc: [Azure Monitor Workbooks](https://docs.microsoft.com/en-us/azure/azure-monitor/visualize/workbooks-overview)
* Blog: [MSEndpointMgr.com](https://msendpointmgr.com/tag/log-analytics/)

## Demo Lab

<https://aka.ms/LADemo>

<http://aka.ms/kustofree>

