KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
All Categories
KQL
[DxBP] Part 1 - Technical Detection Engineering Best Practices
Defender for Endpoint Timeline Internals
Monitor New Actions in Sentinel & Defender XDR (V2)
KQL Sources: 2026 Update
GraphApiAuditEvents: The new Graph API Logs
Sentinel
Monitor New Actions in Sentinel & Defender XDR (V2)
KQL Sources: 2026 Update
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Monitor For New Actions In Sentinel And MDE
Defender for Endpoint
Defender for Endpoint Timeline Internals
KQL Sources: 2026 Update
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Investigating ClickFix Incidents
SOC
Defender for Endpoint Timeline Internals
Monitor New Actions in Sentinel & Defender XDR (V2)
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Investigating ClickFix Incidents
Threat Hunting
[DxBP] Part 1 - Technical Detection Engineering Best Practices
GraphApiAuditEvents: The new Graph API Logs
Hunting Through APIs - Logic App Edition
Hunting Through APIs
IOC hunting at scale
Detection Engineering
[DxBP] Part 1 - Technical Detection Engineering Best Practices
GraphApiAuditEvents: The new Graph API Logs
Use Cases For Sentinel Summary Rules
Investigating Microsoft Graph Activity Logs
Detecting Post-Exploitation Behaviour
Incident Response
Defender for Endpoint Timeline Internals
Investigating ClickFix Incidents
UAL = Unaligned Activity Logs
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Automation
Monitor New Actions in Sentinel & Defender XDR (V2)
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Monitor For New Actions In Sentinel And MDE
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Defender XDR
Monitor New Actions in Sentinel & Defender XDR (V2)
Hunting Through APIs - Logic App Edition
Hunting Through APIs
IOC hunting at scale
Audit Defender XDR Activities
PowerShell
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Threat Hunting: Encoded PowerShell
Azure Data Explorer
Incident Response PowerShell V2
KQL Functions For Network Operations
Incident Response Part 2: What about the other logs?
Vulnerability Management
IOC hunting at scale
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
Networking
KQL Functions For Network Operations