The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting (Business Skills) Paperback – 4 Jun. 2024

This book is all killer, no filler, and useful for anyone who’ll be using Kusto.If you are a big enough geek like me, you can probably start by just sitting down and reading chapters 1, 2, and 5. I think they lay the solid groundwork for anyone wanting to upskill in KQL (with #5 being if you’re responsibility for anything security). The others I’ve been using more as references for when I want to craft something later on.As a comparison, the book reminds me of the ‘Mastering Windows Server’ series from Mark Minasi, insofar as it takes you from zero/novice to hero/pro in a way that’s plain-speaking, goes well beyond what you’d find in the normal Microsoft Docs, and with just the right measure of technical deepness vs. approachability.

The book explains KQL with well defined use cases, some of the queries can directly be implemented as analytics rules in a Sentinel environment. They are not only based on theoretical examples, but provide insight in how to detect adversarial activity that is used right now. Really appreciate that the authors shared all the queries in a GitHub repository, this allows users to read and query at the same time without needing to write the query themselves. The book slowly increases the complexity of KQL examples, which makes the book helpful for both seasoned KQL experts and ones that have to write their first query yet.Really recommend reading this book, since KQL will only be used more in MS Security products and Azure.

This is my most favorite book of 2024 so far. I love the ease of explaining all the queries and knowledge. The use cases are useful and it is fun to try all the stuff on your own within a demo log analytics workspace. I can really recommend that book! I would like to have more content from these authors in the future.

Book is excellent and very useful for people who are working on sentinel siem tool.