KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
All Categories
KQL
Monitor New Actions in Sentinel & Defender XDR (V2)
KQL Sources: 2026 Update
GraphApiAuditEvents: The new Graph API Logs
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Sentinel
Monitor New Actions in Sentinel & Defender XDR (V2)
KQL Sources: 2026 Update
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Monitor For New Actions In Sentinel And MDE
Defender for Endpoint
KQL Sources: 2026 Update
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Investigating ClickFix Incidents
Monitor For New Actions In Sentinel And MDE
SOC
Monitor New Actions in Sentinel & Defender XDR (V2)
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Investigating ClickFix Incidents
Monitor For New Actions In Sentinel And MDE
Threat Hunting
GraphApiAuditEvents: The new Graph API Logs
Hunting Through APIs - Logic App Edition
Hunting Through APIs
IOC hunting at scale
Investigating Microsoft Graph Activity Logs
Automation
Monitor New Actions in Sentinel & Defender XDR (V2)
Hunting Through APIs - Logic App Edition
Hunting Through APIs
Monitor For New Actions In Sentinel And MDE
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Defender XDR
Monitor New Actions in Sentinel & Defender XDR (V2)
Hunting Through APIs - Logic App Edition
Hunting Through APIs
IOC hunting at scale
Audit Defender XDR Activities
Detection Engineering
GraphApiAuditEvents: The new Graph API Logs
Use Cases For Sentinel Summary Rules
Investigating Microsoft Graph Activity Logs
Detecting Post-Exploitation Behaviour
KQL Functions For Network Operations
Incident Response
Investigating ClickFix Incidents
UAL = Unaligned Activity Logs
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
PowerShell
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Threat Hunting: Encoded PowerShell
Azure Data Explorer
Incident Response PowerShell V2
KQL Functions For Network Operations
Incident Response Part 2: What about the other logs?
Vulnerability Management
IOC hunting at scale
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
Vulnerability Management
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Networking
KQL Functions For Network Operations