KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
All Posts
2024
IOC hunting at scale
12-17
UAL = Unaligned Activity Logs
11-14
Unleash The Power Of DeviceTvmInfoGathering
10-10
Use Cases For Sentinel Summary Rules
09-11
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
08-14
Audit Defender XDR Activities
05-30
Investigating Microsoft Graph Activity Logs
05-02
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
04-10
Detecting Post-Exploitation Behaviour
02-29
Incident Response PowerShell V2
02-14
KQL Security Sources - 2024 Update
01-14
2023
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
12-21
From Threat Report to (KQL) Hunting Query
11-29
KQL Functions For Network Operations
11-06
Incident Response Part 3: Leveraging Live Response
10-26
Incident Response Part 2: What about the other logs?
10-13
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
09-29
Threat Hunting: Encoded PowerShell
09-21
KQL Functions For Security Operations
09-15
KQL Security Sources
09-07