KQL Query

All Posts

2026

KQL Sources: 2026 Update 01-05

2025

GraphApiAuditEvents: The new Graph API Logs 08-19
Hunting Through APIs - Logic App Edition 07-15
Hunting Through APIs 06-11
Investigating ClickFix Incidents 05-06
Monitor For New Actions In Sentinel And MDE 01-30
KQL Sources - 2025 Update 01-02

2024

IOC hunting at scale 12-17
UAL = Unaligned Activity Logs 11-14
Unleash The Power Of DeviceTvmInfoGathering 10-10
Use Cases For Sentinel Summary Rules 09-11
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications 08-14
Audit Defender XDR Activities 05-30
Investigating Microsoft Graph Activity Logs 05-02
Sentinel Automation Part 1: Enrich Incidents with KQL 04-10
Detecting Post-Exploitation Behaviour 02-29
Incident Response PowerShell V2 02-14
KQL Security Sources - 2024 Update 01-14

2023

Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog 12-21
From Threat Report to (KQL) Hunting Query 11-29
2023 - 2026 Bert-Jan Pals | ©