KQL Query
All Posts
2025
Monitor For New Actions In Sentinel And MDE
01-30
KQL Sources - 2025 Update
01-02
2024
IOC hunting at scale
12-17
UAL = Unaligned Activity Logs
11-14
Unleash The Power Of DeviceTvmInfoGathering
10-10
Use Cases For Sentinel Summary Rules
09-11
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
08-14
Audit Defender XDR Activities
05-30
Investigating Microsoft Graph Activity Logs
05-02
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
04-10
Detecting Post-Exploitation Behaviour
02-29
Incident Response PowerShell V2
02-14
KQL Security Sources - 2024 Update
01-14
2023
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
12-21
From Threat Report to (KQL) Hunting Query
11-29
KQL Functions For Network Operations
11-06
Incident Response Part 3: Leveraging Live Response
10-26
Incident Response Part 2: What about the other logs?
10-13
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
09-29
Threat Hunting: Encoded PowerShell
09-21