KQL Query

 Sentinel

2025

Monitor For New Actions In Sentinel And MDE 01-30
KQL Sources - 2025 Update 01-02

2024

IOC hunting at scale 12-17
UAL = Unaligned Activity Logs 11-14
Use Cases For Sentinel Summary Rules 09-11
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications 08-14
Investigating Microsoft Graph Activity Logs 05-02
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results 04-10
Detecting Post-Exploitation Behaviour 02-29
KQL Security Sources - 2024 Update 01-14

2023

From Threat Report to (KQL) Hunting Query 11-29
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition) 09-29
Threat Hunting: Encoded PowerShell 09-21
KQL Functions For Security Operations 09-15