#MustLearnKQL

2024-08-29

Sentinel Tip - Use Kusto Query Language (KQL): Master KQL to create effective and efficient analytics rules. KQL is a powerful & easy to learn query language for analyzing large datasets. #KQL #Analytics #QueryLanguage #MustLearnKQL

rodtrent rodtrent@infosec.exchange
2023-06-20

Learn Live - Introduction to Kusto Query Language rodtrent.com/9mh

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-06-19

View my verified achievement from Microsoft Azure Data Explorer.

credly.com/badges/93244571-f2f

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-06-19

Was quick enough this time to capture a gift!

Kusto Detective Agency Season 2, Case 3 is ready!

rodtrent.com/1cr

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-06-16

DCA-DetectAADInternalsUse.kql - Detect AADInternals use, where we see a domain changed from managed to federated, and the issuer contains any.sts or the issuer suffix is 8 characters, a combination of letters and numbers

rodtrent.com/9li

#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D #KQL #MustLearnKQL

rodtrent rodtrent@infosec.exchange
2023-06-15
rodtrent rodtrent@infosec.exchange
2023-06-13

Email-EOP-Detection-DailyPercentage.yaml - This query shows the daily percentage of EOP detections.

rodtrent.com/2cr

#KQL #MustLearnKQL #MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D

rodtrent rodtrent@infosec.exchange
2023-06-12

Saas-Ransomware-0mega-hunting.kql - Detection queries for 0mega ransomware infecting SharePoint. rodtrent.com/m80

#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #KQL #MustLearnKQL

rodtrent rodtrent@infosec.exchange
2023-06-09

Did you know Kindle Unlimited subscribers can read Must Learn KQL for free?

amzn.to/43uDfsI

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-06-06

Probably my favorite Must Learn KQL quote to date.

aka.ms/MustLearnKQL

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-06-06

Getting GEO Information for IP Addresses without Using a Microsoft Sentinel Playbook rodtrent.com/iz5

#MustLearnKQL #KQL #MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security

rodtrent rodtrent@infosec.exchange
2023-06-06

Love the new geo_info_from_ip_address() function rodtrent.com/iue

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-06-06

General availability: New KQL function to enrich your data analysis with geographic context rodtrent.com/hba

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-06-01
rodtrent rodtrent@infosec.exchange
2023-06-01

And the beat goes on. Almost 2 years after starting the Must Learn KQL series and I just finished delivering certificates for the latest completions for the first day of June 2023.

Congrats all!

aka.ms/MustLearnKQL

#MustLearnKQL #KQL #MicrosoftSentinel #MicrosoftDefender

rodtrent rodtrent@infosec.exchange
2023-05-31

Spent some time today moving the Must Learn KQL learning series off of the old blogs (don't trust them to stick around). The move won't affect anything. All links still available at: aka.ms/MustLearnKQL

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-05-31

Easy Way to Build KQL Query Templates for Azure Services rodtrent.com/ucr

#MustLearnKQL #KQL #Azure

rodtrent rodtrent@infosec.exchange
2023-05-30

Just getting started to get started learning KQL? Start here: aka.ms/MustLearnKQL

Now over 3,000 served!

#MustLearnKQL #KQL

rodtrent rodtrent@infosec.exchange
2023-05-26

Understanding the Intricacies of AAD Sign-In Logs to Detect MFA Fatigue Attacks rodtrent.com/7mn

#Security #MicrosoftSecurity #Cybersecurity #MustLearnKQL #KQL
