KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
All Categories
KQL
IOC hunting at scale
UAL = Unaligned Activity Logs
Unleash The Power Of DeviceTvmInfoGathering
Use Cases For Sentinel Summary Rules
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Sentinel
IOC hunting at scale
UAL = Unaligned Activity Logs
Use Cases For Sentinel Summary Rules
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Investigating Microsoft Graph Activity Logs
Defender For Endpoint
Unleash The Power Of DeviceTvmInfoGathering
Audit Defender XDR Activities
Detecting Post-Exploitation Behaviour
KQL Security Sources - 2024 Update
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
SOC
UAL = Unaligned Activity Logs
Unleash The Power Of DeviceTvmInfoGathering
Use Cases For Sentinel Summary Rules
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Audit Defender XDR Activities
Detection Engineering
Use Cases For Sentinel Summary Rules
Investigating Microsoft Graph Activity Logs
Detecting Post-Exploitation Behaviour
KQL Functions For Network Operations
KQL Functions For Security Operations
Incident Response
UAL = Unaligned Activity Logs
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Threat Hunting
IOC hunting at scale
Investigating Microsoft Graph Activity Logs
From Threat Report to (KQL) Hunting Query
Threat Hunting: Encoded PowerShell
KQL Functions For Security Operations
PowerShell
Incident Response PowerShell V2
Incident Response Part 3: Leveraging Live Response
Incident Response Part 2: What about the other logs?
Threat Hunting: Encoded PowerShell
Azure Data Explorer
Incident Response PowerShell V2
KQL Functions For Network Operations
Incident Response Part 2: What about the other logs?
Defender XDR
IOC hunting at scale
Audit Defender XDR Activities
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
Vulnerability Management
IOC hunting at scale
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
Automation
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
Networking
KQL Functions For Network Operations