#KQL

2025-08-07

How to Use Azure Monitor to Gain Insights and Ensure Application Health

In modern cloud environments, maintaining the health and performance of applications is critical. Azure Monitor provides a full-stack monitoring solution that enables organizations to track metrics, diagnose issues, and gain deep insights into their applications and infrastructure. #azuremonitor #CloudMonitoring #ContainerInsights #devops #kql #loganalytics #sentinel #siem #threatdetection

azuretracks.com/?p=2781

2025-08-02

Hello everyone! I have been able to update my SOC-Ressources repository with quite a few new things 🥳

For two years I have gradually been trying to build a "control tower" for the SOC analyst, with a free list where anyone can find resources to investigate, qualify and build their skills in this kind of role.

github.com/DXC-0/SOC-Ressources

It is aimed at newcomers as much as at more experienced analysts. Don't hesitate to share it widely, that is the goal, and to give me feedback; I will always be happy to hear about possible improvements. 😁

If you have tools you would like listed in it, likewise, I am interested.

On that note, have a good weekend 🎩

------------------------------------------------------------------------

Hello, everybody! I have been able to update my SOC-Resources repository with a lot of new things.

I am gradually trying to create a "Control Tower" for the SOC analyst, with a free list where anyone will be able to find resources to investigate, qualify and improve their skills.

This applies as much to newcomers as to the more experienced. Don't hesitate to share it widely, that's the goal, and to give feedback; I will always listen with pleasure to possible improvements.

#Github #SOC #SOCAnalyst #BlueTeam #Ressources #Free #Ressources #Cybersécurity #Tools #Courses #Malwares #Reverse #Engineer #IT #SIEM #EDR #AQL #SPL #KQL #Hunting #ThreatHunting #IOC #CTI #intelligence

2025-06-02

#KQL query that looks for network connections to these domains via #MDE DeviceNetworkEvents (Connection or DNS Query).

github.com/SecurityAura/DE-TH-

Huge thanks to @racwatchin8872 for making the data available in a way that can be accessed via externaldata 🙏
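As an added illustration, and not the query from the SecurityAura repository linked above, here is the shape such a hunt takes in a Microsoft Sentinel workspace that ingests the Defender for Endpoint DeviceNetworkEvents table. The domain list is pulled in with externaldata() from a placeholder URL (an assumption; replace it with the real CSV location), DNS inspection events and outbound connections are normalised to a host name, and the host plus its parent domains are matched against the list so that subdomains of a listed domain also hit.

```kql
// Added example, not the query from the linked repository.
// Assumes a Sentinel workspace (or Advanced Hunting) exposing DeviceNetworkEvents.
// The externaldata URL is a placeholder: point it at the real raw CSV.
let SuspiciousDomains = externaldata(Domain:string)
    [h@"https://example.invalid/suspicious-domains.csv"]     // hypothetical URL
    with (format="csv", ignoreFirstRecord=true)
    | extend Domain = tolower(trim(@"\s", Domain))
    | where isnotempty(Domain)
    | distinct Domain;
DeviceNetworkEvents
| where Timestamp > ago(7d)
// DNS inspection events carry the queried name in AdditionalFields.query;
// connection events carry the destination (sometimes with scheme/port) in RemoteUrl.
| extend DnsQuery = tostring(parse_json(AdditionalFields).query)
| extend Target = iff(ActionType == "DnsConnectionInspected", DnsQuery, RemoteUrl)
| where isnotempty(Target)
| extend Host = extract(@"^(?:[a-z]+://)?([^/:?]+)", 1, tolower(Target))
// Candidate keys: the host itself and its parent domains two levels up,
// so a listed "evil.example" also matches "cdn.evil.example".
| extend Parts = split(Host, ".")
| extend Candidates = pack_array(
      Host,
      strcat_array(array_slice(Parts, 1, -1), "."),
      strcat_array(array_slice(Parts, 2, -1), "."))
| mv-expand Candidate = Candidates to typeof(string)
| where isnotempty(Candidate)
| join kind=inner SuspiciousDomains on $left.Candidate == $right.Domain
| summarize FirstSeen = min(Timestamp), LastSeen = max(Timestamp), Events = count(),
            Hosts = make_set(Host, 20), Processes = make_set(InitiatingProcessFileName, 20)
    by DeviceName, MatchedDomain = Domain, ActionType
| order by LastSeen desc
```

The join on pre-computed candidate keys keeps the query cheap even with a long domain list; a naive "endswith" test against every list entry would be a cross join. Parent-domain matching stops two levels up on purpose: going further would start matching public suffixes such as "co.uk".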

2025-05-16

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules🕵️‍♂️

github.com/Bert-JanP/Hunting-Q

#infosec #cybersecurity #threatintel #threathunting #azure #sentinel #kql

2025-04-19

🚨 Test your Lateral Movement investigation skills!

I have just added a new challenge to my FREE "Hands-On Introduction to KQL for Security Analysis" course!

You can even test your AI agents' skills 😉

#KQL #Kusto #MicrosoftSentinel #MicrosoftDefender

academy.bluraven.io/course/int

2025-04-18

🐣 HAPPY EASTER CAPSTONE! 🛡️

My KQL courses now include a complete attack scenario to test your skills — end to end.

🎯 Hands-on labs
📉 20% OFF for a limited time!
Crack it open 👇

#KQL #Kusto #ThreatHunting #DetectionEngineering #DFIR

academy.bluraven.io

2025-04-17

🎁 NEW UPDATE:

I've added a small challenge to my FREE "Hands-On Introduction to KQL for Security Analysis" course.

More will be coming soon!

#KQL #Kusto #MicrosoftDefender #MicrosoftSentinel
👇
academy.bluraven.io/course/int

Free Unlimited KQL Lab Access
2025-04-10

🚨 FREE unlimited lab access to "Introduction to KQL for Security Analysis" course!

Thrilled to announce that my Intro to KQL for Security Analysis lab environment is now completely free with no time restrictions!

academy.bluraven.io/course/int

#KQL #Kusto #ThreatHunting #Infosec

2025-03-28

Detect suspicious FOCI token logins:
The included description explains what FOCI tokens are and why a hunt might be useful. Nice work!

github.com/HybridBrothers/Hunt
#DFIR #BlueTeam #KQL

2025-03-03

Enhance with actionable insights! 📊 From tracking engagement to identifying bottlenecks, these KQL queries in Azure Application Insights empower your bot to perform at its best. Optimize today for a smarter tomorrow!

mytrial365.com/2025/03/04/usin

2025-02-16

If you can completely disable device code flows using Conditional Access, you should do so. If you cannot, at least limit which user IDs can use them. If you allow any users to use device code flows, use the #KQL provided to hunt for abuse.

#cybersecurity #microsoft

From: @fabian_bader
infosec.exchange/@fabian_bader

2025-02-16

Hunt for sign-ins using device code flow that request the Device Registration Service and result in a new Entra ID device being registered

#DeviceCodeFlow #Entra #Security #KQL

github.com/f-bader/AzSentinelQ
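The two posts above (the advice to block device code flow in Conditional Access and otherwise hunt for abuse, and the specific sign-in then device-registration chain) share one detection idea. As an added example, not the query from the f-bader/AzSentinelQueries repository, this is how that chain can be correlated in a Microsoft Sentinel workspace with Entra ID SigninLogs and AuditLogs connected. The one-hour correlation window is an assumption; widen it if registration in your tenant is slower.

```kql
// Added example, not the query from the linked repository.
// Assumes a Sentinel workspace with the Entra ID SigninLogs and AuditLogs tables.
let lookback = 14d;
let window = 1h;   // assumed: registration must follow the sign-in within this window
// 1. Device-code sign-ins whose target resource was the Device Registration Service.
let DeviceCodeToDRS = SigninLogs
    | where TimeGenerated > ago(lookback)
    | where AuthenticationProtocol == "deviceCode"
    | where ResourceDisplayName == "Device Registration Service"
    | where ResultType == "0"           // successful only; drop to include failed attempts
    | project SigninTime = TimeGenerated, UserId, UserPrincipalName, SigninIp = IPAddress,
              AppDisplayName, SigninCountry = tostring(LocationDetails.countryOrRegion);
// 2. Devices added to the tenant, with the user who registered them.
let DevicesAdded = AuditLogs
    | where TimeGenerated > ago(lookback)
    | where OperationName == "Add device"
    | where Result == "success"
    | mv-expand Target = TargetResources
    | extend DeviceName = tostring(Target.displayName)
    | extend ActorId = tostring(InitiatedBy.user.id),
             ActorIp = tostring(InitiatedBy.user.ipAddress)
    | where isnotempty(ActorId)          // skip app-initiated registrations
    | project DeviceTime = TimeGenerated, ActorId, ActorIp, DeviceName;
// 3. Correlate: same user, registration shortly after the device-code sign-in.
DeviceCodeToDRS
| join kind=inner DevicesAdded on $left.UserId == $right.ActorId
| where DeviceTime between (SigninTime .. (SigninTime + window))
| extend IpChanged = SigninIp != ActorIp   // registration from another IP deserves a closer look
| project SigninTime, DeviceTime, UserPrincipalName, AppDisplayName,
          SigninIp, ActorIp, IpChanged, SigninCountry, DeviceName
| order by SigninTime desc
```

Device code flow is attractive to phishers precisely because the victim authenticates on their own machine while the token lands wherever the attacker started the flow; a device registered right after such a sign-in is how the attacker converts that token into persistent, Conditional-Access-compliant access. The query is a hunt, not a verdict: legitimate headless provisioning can produce the same sequence, so review the source IP change and the registering application before acting.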

2025-02-15

💙 Fall in Love with Threat Hunting, Incident Response, and Detection Engineering using #KQL 💙
Code: VLTN30
Valid until 17.02

academy.bluraven.io/

#ThreatHunting

30% discount on KQL courses
2meterdba | Reitse Eskens (@2meterdba@mastodon.nl)
2025-01-21

Blog Alert!

Let's dig into #KQL and see some differences with #SQL to learn for the #MicrosoftLearn #DP700 certification

sqlreitse.com/2025/01/21/dp-70

2025-01-14

Sentinel Tip - Use Custom Functions: Create custom functions to reuse common query logic across multiple rules. Custom functions improve consistency and reduce redundancy. #CustomFunctions #Consistency #Efficiency #KQL
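As an added example of the tip above, and not code from the post, here is the pattern in practice: the shared logic is declared once as a function and two rule bodies call it with different parameters. Inside a single query the function lives in a let statement, as shown; in Microsoft Sentinel you save the same body as a workspace function (the name FailedSigninsByUser and its two parameters are assumed here) and call it by name from analytics and hunting rules. The Entra ID error codes in the mapping are the documented ones for bad password, lockout, MFA and Conditional Access failures.

```kql
// Added example, not a function from the post.
// Assumes a Sentinel workspace with the Entra ID SigninLogs table.
// Shared logic declared once; in Sentinel, save this body as a workspace function
// (assumed name: FailedSigninsByUser, parameters lookback and minFailures).
let FailedSigninsByUser = (lookback:timespan, minFailures:long) {
    SigninLogs
    | where TimeGenerated > ago(lookback)
    | where ResultType != "0"
    // Bucket raw error codes so each rule does not re-implement this mapping.
    | extend FailureClass = case(
          ResultType in ("50126", "50053"),           "bad-password-or-lockout",
          ResultType in ("50074", "50076", "500121"), "mfa-not-satisfied",
          ResultType in ("53003", "530032"),          "conditional-access-blocked",
          "other")
    | summarize Failures = count(),
                DistinctIPs = dcount(IPAddress),
                Classes = make_set(FailureClass),
                FirstFailure = min(TimeGenerated), LastFailure = max(TimeGenerated)
        by UserPrincipalName
    | where Failures >= minFailures
};
// Two rules reusing the same function with different thresholds and windows.
union
  (FailedSigninsByUser(1d, 20)
     | where DistinctIPs >= 10                                  // many sources: possible spray
     | extend Rule = "PossiblePasswordSpray"),
  (FailedSigninsByUser(1h, 5)
     | where set_has_element(Classes, "mfa-not-satisfied")      // repeated MFA failures
     | extend Rule = "RepeatedMfaFailures")
| project Rule, UserPrincipalName, Failures, DistinctIPs, Classes, FirstFailure, LastFailure
| order by LastFailure desc
```

The payoff is operational as much as stylistic: when a new error code needs to be classified, or a service account needs to be excluded, the change is made once in the function and every rule that calls it picks it up on its next run.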

2025-01-09

In today's digital landscape, email remains a primary vector for data exfiltration and cyberattacks. With the increasing sophistication of threats, it's crucial for organizations to have robust mechanisms in place to detect and respond to unusual email activities. Microsoft Sentinel, with its powerful threat detection capabilities, provides the perfect platform for monitoring and securing your email communications. #365 #activity #attack #inbox #kql #logs

azuretracks.com/?p=2584

Server: https://mastodon.social