The Definitive Guide to KQL Now Available

The wait is over! After 10 months from start to finish, you can now purchase The Definitive Guide to KQL: Using Kusto Query Language for operations, defending, and threat hunting. This comprehensive guide covers everything from the basics of KQL to advanced techniques for threat hunting and defense. The Microsoft Press store or Amazon, I suspect, will be the most common places of purchase.

My author copies arrived this week, and the quote often attributed to Dorothy Parker, “I hate to write, but I love having written,” applies. There is no evidence she ever said that, but the feeling rings true.

This book is the book I wish existed when I was starting to learn KQL. Writing it made me dig deeper into the language to examine some of the things ‘you just do’. My co-authors, Rod Trent and Matthew Zorich, are incredibly knowledgeable, and Corissa Koopmans, the technical reviewer, went above and beyond with the book.

We tried to make the book as real-world and practical as possible. I’m really happy with how it turned out. If you find it useful, please let us know.
