Useful Resources 🔦

I started to learn KQL in Summer 2020. I just quit my long term job and collected two months of vacation. Beginning of my vacation was ok, but I found I was bored shortly after and needed to learn something new. So I found KQL!

KQL is so powerful and intersting, and I use it almost everyday.

Where and how did I start to learn this? Here is my list of where I begin.

• Pluralsight: Kusto Query Language (KQL) from Scratch by Robert Cain

Blogs

• Blog: MSEndpointMgr.com

• Blog: Become a KQL Ninja by Huy Kha

• Blog: Kusto King by Gianni Castaldi

• Blog: Azure Cloud & AI Domain Blog

• Blog: Must Learn KQL by Rod Trent

• Blog: CloudSMA by Billy York

• Blog: Microsoft Sentinel 101

Github

• Github: Microsoft 365 Defender - Resource Hub by Alex Verboon

• Github: awesome-kql-sentinel

Microsoft Offical Doc

• Microsoft Doc: Log Analytics tutorial

• Microsoft Doc: Log queries in Azure Monitor

Twitter

• Twitter: The #365daysofkql hashtag by Matt Zorick

Community event

• KQL Cafe

Workbook

Azure Monitor workbook provides rich visual reports in Azure Portal and gives you a real-time and interactive experience. In addition, workbooks can query data from multiple sources within Azure, and combine all these data from different sources into a single report.

Here is my collection of where I begin to learn to create my first workbook

• Blog: Azure Sentinel Workbooks 101 by Scott Muniz

• Video: How to build Azure Workbooks using logs and parameters | Azure Portal Series

• Blog: Azure Automation Update Management Workbook by Billy York

• Blog: Using Azure Monitor Workbooks to document your Azure resources by Mathieu Buisson

• Microsoft Doc: Azure Monitor Workbooks

• Blog: MSEndpointMgr.com

Demo Lab

https://aka.ms/LADemo

http://aka.ms/kustofree