KQL Query
Posts
Categories
whoami
Projects
Events
KQL News
KQL Query
Cancel
Posts
Categories
whoami
Projects
Events
KQL News
All Posts
2024
UAL = Unaligned Activity Logs
11-14
Unleash The Power Of DeviceTvmInfoGathering
10-10
Use Cases For Sentinel Summary Rules
09-11
Sentinel Automation Part 2: Automate CISA Known Exploited Vulnerability Notifications
08-14
Audit Defender XDR Activities
05-30
Investigating Microsoft Graph Activity Logs
05-02
Sentinel Automation Part 1: Enriching Sentinel Incidents with KQL Results
04-10
Detecting Post-Exploitation Behaviour
02-29
Incident Response PowerShell V2
02-14
KQL Security Sources - 2024 Update
01-14
2023
Prioritize Vulnerabilities Using The CISA Known Exploited Vulnerabilities Catalog
12-21
From Threat Report to (KQL) Hunting Query
11-29
KQL Functions For Network Operations
11-06
Incident Response Part 3: Leveraging Live Response
10-26
Incident Response Part 2: What about the other logs?
10-13
Incident Response Part 1: IR on Microsoft Security Incidents (KQL edition)
09-29
Threat Hunting: Encoded PowerShell
09-21
KQL Functions For Security Operations
09-15
KQL Security Sources
09-07