KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
All Categories
KQL
Monitor For New Actions In Sentinel And MDE
KQL Sources - 2025 Update
IOC hunting at scale
UAL = Unaligned Activity Logs
Unleash The Power Of DeviceTvmInfoGathering
Sentinel
Monitor For New Actions In Sentinel And MDE
KQL Sources - 2025 Update
IOC hunting at scale
UAL = Unaligned Activity Logs
Use Cases For Sentinel Summary Rules
Defender For Endpoint
Monitor For New Actions In Sentinel And MDE
KQL Sources - 2025 Update
Unleash The Power Of DeviceTvmInfoGathering
Audit Defender XDR Activities
Detecting Post-Exploitation Behaviour
SOC
Monitor For New Actions In Sentinel And MDE
UAL = Unaligned Activity Logs
Unleash The Power Of DeviceTvmInfoGathering
Use Cases For Sentinel Summary Rules
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Detection Engineering
Use Cases For Sentinel Summary Rules
Investigating Microsoft Graph Activity Logs
Detecting Post-Exploitation Behaviour
KQL Functions For Network Operations
KQL Functions For Security Operations
Incident Response
UAL = Unaligned Activity Logs
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Threat Hunting
IOC hunting at scale
Investigating Microsoft Graph Activity Logs
From Threat Report to (KQL) Hunting Query
Threat Hunting: Encoded PowerShell
KQL Functions For Security Operations
PowerShell
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Threat Hunting: Encoded PowerShell
Automation
Monitor For New Actions In Sentinel And MDE
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
Azure Data Explorer
Incident Response PowerShell V2
KQL Functions For Network Operations
Incident Response Part 2: What about the other logs?
Defender XDR
IOC hunting at scale
Audit Defender XDR Activities
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Vulnerability Management
IOC hunting at scale
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
Networking
KQL Functions For Network Operations