Sentinel - Category - KQLQuery.com

Sentinel

2025

Monitor For New Actions In Sentinel And MDE 01-30

KQL Sources - 2025 Update 01-02

2024

IOC hunting at scale 12-17

UAL = Unaligned Activity Logs 11-14

Use Cases For Sentinel Summary Rules 09-11

Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications 08-14

Investigating Microsoft Graph Activity Logs 05-02

Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results 04-10

Detecting Post-Exploitation Behaviour 02-29

KQL Security Sources - 2024 Update 01-14

2023

From Threat Report to (KQL) Hunting Query 11-29

Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition) 09-29

Threat Hunting: Encoded PowerShell 09-21

KQL Functions For Security Operations 09-15