KQL Query
All Posts
2026
Defender for Endpoint Timeline Internals
01-26
Monitor New Actions in Sentinel & Defender XDR (V2)
01-19
KQL Sources: 2026 Update
01-05
2025
GraphApiAuditEvents: The new Graph API Logs
08-19
Hunting Through APIs - Logic App Edition
07-15
Hunting Through APIs
06-11
Investigating ClickFix Incidents
05-06
Monitor For New Actions In Sentinel And MDE
01-30
KQL Sources - 2025 Update
01-02
2024
IOC hunting at scale
12-17
UAL = Unaligned Activity Logs
11-14
Unleash The Power Of DeviceTvmInfoGathering
10-10
Use Cases For Sentinel Summary Rules
09-11
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
08-14
Audit Defender XDR Activities
05-30
Investigating Microsoft Graph Activity Logs
05-02
Sentinel Automation Part 1: Enrich Incidents with KQL
04-10
Detecting Post-Exploitation Behaviour
02-29
Incident Response PowerShell V2
02-14
KQL Security Sources - 2024 Update
01-14