KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
All Categories

KQL
  Defender for Endpoint Timeline Internals
  Monitor New Actions in Sentinel & Defender XDR (V2)
  KQL Sources: 2026 Update
  GraphApiAuditEvents: The new Graph API Logs
  Hunting Through APIs - Logic App Edition

Sentinel
  Monitor New Actions in Sentinel & Defender XDR (V2)
  KQL Sources: 2026 Update
  Hunting Through APIs - Logic App Edition
  Hunting Through APIs
  Monitor For New Actions In Sentinel And MDE

Defender for Endpoint
  Defender for Endpoint Timeline Internals
  KQL Sources: 2026 Update
  Hunting Through APIs - Logic App Edition
  Hunting Through APIs
  Investigating ClickFix Incidents

SOC
  Defender for Endpoint Timeline Internals
  Monitor New Actions in Sentinel & Defender XDR (V2)
  Hunting Through APIs - Logic App Edition
  Hunting Through APIs
  Investigating ClickFix Incidents

Threat Hunting
  GraphApiAuditEvents: The new Graph API Logs
  Hunting Through APIs - Logic App Edition
  Hunting Through APIs
  IOC hunting at scale
  Investigating Microsoft Graph Activity Logs

Incident Response
  Defender for Endpoint Timeline Internals
  Investigating ClickFix Incidents
  UAL = Unaligned Activity Logs
  Incident Response PowerShell V2
  Incident Response Part 3: Leveraging Live Response

Automation
  Monitor New Actions in Sentinel & Defender XDR (V2)
  Hunting Through APIs - Logic App Edition
  Hunting Through APIs
  Monitor For New Actions In Sentinel And MDE
  Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications

Defender XDR
  Monitor New Actions in Sentinel & Defender XDR (V2)
  Hunting Through APIs - Logic App Edition
  Hunting Through APIs
  IOC hunting at scale
  Audit Defender XDR Activities

Detection Engineering
  GraphApiAuditEvents: The new Graph API Logs
  Use Cases For Sentinel Summary Rules
  Investigating Microsoft Graph Activity Logs
  Detecting Post-Exploitation Behaviour
  KQL Functions For Network Operations

PowerShell
  Incident Response PowerShell V2
  Incident Response Part 3: Leveraging Live Response
  Incident Response Part 2: What about the other logs?
  Threat Hunting: Encoded PowerShell

Azure Data Explorer
  Incident Response PowerShell V2
  KQL Functions For Network Operations
  Incident Response Part 2: What about the other logs?

Vulnerability Management
  IOC hunting at scale
  Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
  Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog

Networking
  KQL Functions For Network Operations