Morowczynski

Learning KQL is a necessity for system administrators, Azure operators, and security analysts alike, ensuring workloads are monitored to be active, accessible, and secure in the Microsoft Azure cloud platform.

KQL is a powerful query language that helps analyze a large volume of structured, semi structured, and unstructured data. KQL has inbuilt operators and functions that lets a user analyze data to find trends, patterns, anomalies, create forecasting, and machine learning. KQL underpins a variety of Microsoft cloud products--Microsoft Sentinel, Azure Data Explorer, Microsoft 365 Advanced Hunting, Azure Resource Graph, Azure Monitor and more.

This book is designed to be the definitive guide to not only learning KQL but also to using KQL to solve real-world problems. As you learn parts of the language, the authors will show how that can be used to aid with daily operations and security investigations. At the completion of the book, you will have not only learned the language, but also operationalized KQL in your environment.

This topic is important for anyone who manages anything in Azure and any service (AWS, GCP, etc.) being managed through an Azure-based security platform, as well as systems administrators, security consultants, security operations center analysts, and data scientists.

Mark Morowczynski is a principal product manager on the Security Customer Experience Engineering (CxE) team at Microsoft. He spends most of his time working with customers on their deployments in the Identity and Access Management (IAM) and information security space. He’s spoken at various industry events, including Black Hat, Defcon Blue Team Village, Blue Team Con, Microsoft Ignite, and several BSides and SANS Security Summits. He has a BS in computer science, an MS in computer information and network security, and an MBA from DePaul University. He also has a MS in Information Security Engineering from the SANS Technology Institute. He can be found online on Mastodon at @markmorow@infosec.exchange or his website at https: //markmorow.com.

Rod Trent is a senior program manager at Microsoft, focused on cybersecurity and AI. He has spoken at many conferences over the past 30-some years and has written several books, including Must Learn KQL: Essential Learning for the Cloud-focused Data Scientist, and thousands of articles. He is a husband, dad, and first-time grandfather. In his spare time (if such a thing does truly exist), you can regularly find him simultaneously watching Six Million Dollar Man episodes and writing KQL queries. Rod can be found on LinkedIn and X (formerly Twitter) at @rodtrent.

Matthew Zorich was born and raised in Australia and works for the Microsoft GHOST team, which provides threat-hunting oversight to many areas of Microsoft. Before that, he worked for the Microsoft Detection and Response Team (DART) and dealt with some of the most complex and largest-scale cybersecurity compromises on the planet. Before joining Microsoft as a full-time employee, he was a Microsoft MVP, ran a blog focused on Microsoft Sentinel, and contributed hundreds of open-source KQL queries to the community. He is a die-hard sports fan, especially the NBA and cricket.