In this article, we will share with you how to prepare and pass the Must Learn KQL training and assessment.
Microsoft Sentinel is a cloud-native Security Information and Event Management (SIEM) and Security Orchestration, Automation, and Response (SOAR) solution. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response.
If you want to master Microsoft Sentinel and be an effective cybersecurity professional, then learning and mastering KQL is a must.
As a side note, KQL is not only used for Sentinel. It is also used with Log Analytics/Azure Monitor, Microsoft Defender for Cloud, Azure Data Explorer, Application Insights, Azure Resource Graph, and Microsoft 365 Defender Advanced Hunting, including Microsoft Defender for Endpoint, Microsoft Defender for Office 365, Microsoft Defender for Cloud Apps, and Microsoft Defender for Identity.
Kusto Query Language (KQL) is a powerful tool to explore your data and discover patterns, identify anomalies and outliers, create statistical modeling, and more. The query uses schema entities that are organized in a hierarchy similar to SQL’s: databases, tables, and columns.
A Kusto query is a read-only request to process data and return results. The request is stated in plain text, using a data-flow model that is easy to read, author, and automate. Kusto queries are made of one or more query statements.
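The following query is an added example, not part of the Must Learn KQL material. It shows several query statements separated by semicolons and the data-flow model, where each pipe passes its result to the next operator. The table name `SampleSignins`, its columns, the rows, and the threshold are constructed for illustration, and a `ResultType` of "0" is assumed to mean a successful sign-in.

```kql
// Statement 1 (let): a scalar value reused by the final query.
let FailureThreshold = 3;
// Statement 2 (let): constructed sample rows, so the query runs without any workspace data.
let SampleSignins = datatable(TimeGenerated: datetime, UserPrincipalName: string, IPAddress: string, ResultType: string)
[
    datetime(2022-02-01 09:00:00), "alice@contoso.example", "203.0.113.10", "50126",
    datetime(2022-02-01 09:00:20), "alice@contoso.example", "203.0.113.10", "50126",
    datetime(2022-02-01 09:00:41), "alice@contoso.example", "203.0.113.10", "50126",
    datetime(2022-02-01 09:01:05), "alice@contoso.example", "203.0.113.10", "0",
    datetime(2022-02-01 09:05:00), "bob@contoso.example",   "198.51.100.7", "50126",
    datetime(2022-02-01 09:06:00), "bob@contoso.example",   "198.51.100.7", "0"
];
// Statement 3 (tabular expression): the read-only request that returns results.
SampleSignins
| where ResultType != "0"                          // keep failed sign-ins only
| summarize FailedCount = count(),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated)
            by UserPrincipalName, IPAddress         // one row per user and source address
| where FailedCount >= FailureThreshold            // filter on the aggregated value
| order by FailedCount desc
```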
In February 2022, Rod Trent (Senior Cloud Security Advocate) created the Must Learn KQL Assessment, which is based on the Must Learn KQL series that he wrote over several months and has now completed.
Must Learn KQL Assessment
The Must Learn KQL training is a set of series organized in a format that can help you go from absolutely no knowledge of KQL to mastering KQL.
The Must Learn KQL training includes 20 series. If you have already studied all the series and you are ready for the knowledge check, follow the steps below:
The knowledge measure for Microsoft Sentinel consists of 25 multiple-choice questions.
I’ve just taken the test myself and I am so happy and grateful now that I passed it the first time with a passing score of 84/100 without any additional preparation. I work with KQL and Microsoft Sentinel on a regular basis.
You need at least 80% to pass this knowledge check. I missed four questions. The good news is that the knowledge check shows you the correct answers after you submit the quiz, so you can better understand the right answers.
To get started, check out the Must Learn KQL training series, or you can download the KQL PDF book from here. If you have already studied all the modules and are ready for the knowledge check, please go to the direct link: Assessment check page.
The assessment is based on the honor system. You can take the assessment as many times as you need to, and once you hit the 80% grade, you can send an email to the address supplied on the assessment to receive your certificate: firstname.lastname@example.org
Please note that this is not an “official” certification, but (as a tip) the effort looks good if you place the certificate as shown in the image below with your current work experience.
This shows a record of your impact and is useful for keeping track of your efforts for those annual awards discussions with your manager.
Last but not least, I want to thank Rod Trent, who prepared the Must Learn KQL series and the Knowledge Check.
> Are you interested in becoming a Microsoft Defender for Cloud Ninja? Check out the following step-by-step guide.
> Are you interested in becoming a Microsoft Sentinel Ninja? Check out the following step-by-step guide.
All the best,
Thank you for reading my blog.
If you have any questions or feedback, please leave a comment.