KQL Query
All Categories
KQL
UAL = Unaligned Activity Logs
Unleash The Power Of DeviceTvmInfoGathering
Use Cases For Sentinel Summary Rules
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Audit Defender XDR Activities
Sentinel
UAL = Unaligned Activity Logs
Use Cases For Sentinel Summary Rules
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Investigating Microsoft Graph Activity Logs
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
Defender For Endpoint
Unleash The Power Of DeviceTvmInfoGathering
Audit Defender XDR Activities
Detecting Post-Exploitation Behaviour
KQL Security Sources - 2024 Update
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
SOC
UAL = Unaligned Activity Logs
Unleash The Power Of DeviceTvmInfoGathering
Use Cases For Sentinel Summary Rules
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Audit Defender XDR Activities
Detection Engineering
Use Cases For Sentinel Summary Rules
Investigating Microsoft Graph Activity Logs
Detecting Post-Exploitation Behaviour
KQL Functions For Network Operations
KQL Functions For Security Operations
Incident Response
UAL = Unaligned Activity Logs
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
PowerShell
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Threat Hunting: Encoded PowerShell
Threat Hunting
Investigating Microsoft Graph Activity Logs
From Threat Report to (KQL) Hunting Query
Threat Hunting: Encoded PowerShell
KQL Functions For Security Operations
Azure Data Explorer
Incident Response PowerShell V2
KQL Functions For Network Operations
Incident Response Part 2: What about the other logs?
Automation
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
Defender XDR
Audit Defender XDR Activities
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Vulnerability Management
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
Networking
KQL Functions For Network Operations