KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
All Categories
KQL
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Investigating ClickFix Incidents
Monitor For New Actions In Sentinel And MDE
KQL Sources - 2025 Update
Sentinel
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Monitor For New Actions In Sentinel And MDE
KQL Sources - 2025 Update
IOC hunting at scale
Defender for Endpoint
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Investigating ClickFix Incidents
Monitor For New Actions In Sentinel And MDE
KQL Sources - 2025 Update
SOC
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Investigating ClickFix Incidents
Monitor For New Actions In Sentinel And MDE
UAL = Unaligned Activity Logs
Threat Hunting
Hunting Through APIs - Logic App Edition
Hunting Through APIs
IOC hunting at scale
Investigating Microsoft Graph Activity Logs
From Threat Report to (KQL) Hunting Query
Incident Response
Investigating ClickFix Incidents
UAL = Unaligned Activity Logs
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Automation
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Monitor For New Actions In Sentinel And MDE
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
Defender XDR
Hunting Through APIs - Logic App Edition
Hunting Through APIs
IOC hunting at scale
Audit Defender XDR Activities
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Detection Engineering
Use Cases For Sentinel Summary Rules
Investigating Microsoft Graph Activity Logs
Detecting Post-Exploitation Behaviour
KQL Functions For Network Operations
KQL Functions For Security Operations
PowerShell
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Threat Hunting: Encoded PowerShell
Azure Data Explorer
Incident Response PowerShell V2
KQL Functions For Network Operations
Incident Response Part 2: What about the other logs?
Vulnerability Management
IOC hunting at scale
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
Vulnerability Management
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Networking
KQL Functions For Network Operations