Sentinel Tip - Use Kusto Query Language (KQL): Master KQL to create effective and efficient analytics rules. KQL is a powerful & easy to learn query language for analyzing large datasets. #KQL #Analytics #QueryLanguage #MustLearnKQL
Learn Live - Introduction to Kusto Query Language https://rodtrent.com/9mh
View my verified achievement from Microsoft Azure Data Explorer.
https://www.credly.com/badges/93244571-f2fc-4602-bc0d-7d605400b785/public_url
Was quick enough this time to capture a gift!
Kusto Detective Agency Season 2, Case 3 is ready!
DCA-DetectAADInternalsUse.kql - Detect AADInternals use: a domain's authentication changed from managed to federated, where the issuer contains any.sts or the issuer suffix is 8 characters made up of a mix of letters and numbers.
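An added example of how the rule described above can be expressed in KQL against the Microsoft Sentinel AuditLogs table; this is not the DCA-DetectAADInternalsUse.kql query itself. It assumes the federation change is logged with OperationName "Set domain authentication", that the old and new authentication type appear in TargetResources[0].modifiedProperties under the property name "LiveType", and that the federation issuer appears under "IssuerUri"; those three names are assumptions to verify against your own audit data.

```kql
// Added example: federated-domain change with a suspicious issuer, as a Sentinel analytics rule body.
// Assumptions (not taken from the page): OperationName, the "LiveType" and "IssuerUri" property names,
// and the JSON-quoted old/new values in modifiedProperties.
AuditLogs
| where OperationName =~ "Set domain authentication"
| extend Domain = tostring(TargetResources[0].displayName)
| mv-expand ModProp = TargetResources[0].modifiedProperties
| extend PropName = tostring(ModProp.displayName),
         // old/new values are usually stored as JSON strings, e.g. "\"Federated\""; strip the quotes
         OldValue = trim('"', tostring(ModProp.oldValue)),
         NewValue = trim('"', tostring(ModProp.newValue))
| summarize OldAuth   = take_anyif(OldValue, PropName =~ "LiveType"),
            NewAuth   = take_anyif(NewValue, PropName =~ "LiveType"),
            IssuerUri = take_anyif(NewValue, PropName =~ "IssuerUri"),
            Actor     = take_any(tostring(InitiatedBy.user.userPrincipalName)),
            ActorIP   = take_any(tostring(InitiatedBy.user.ipAddress))
          by TimeGenerated, CorrelationId, Domain
// the page's first condition: managed -> federated
| where OldAuth =~ "Managed" and NewAuth =~ "Federated"
// issuer suffix = last path segment of the issuer URI
| extend IssuerSuffix = tostring(split(IssuerUri, "/")[-1])
// the page's second condition: issuer contains any.sts, or an 8-character alphanumeric suffix
// containing both letters and digits (RE2 has no lookahead, so the checks are split)
| where IssuerUri has "any.sts"
    or (IssuerSuffix matches regex @"^[A-Za-z0-9]{8}$"
        and IssuerSuffix matches regex @"[A-Za-z]"
        and IssuerSuffix matches regex @"[0-9]")
| project TimeGenerated, Domain, OldAuth, NewAuth, IssuerUri, IssuerSuffix, Actor, ActorIP, CorrelationId
```

Before turning this into a scheduled rule, run it over a window where you know a legitimate federation change happened (for example, an AD FS migration) to confirm the property names and value formatting match what your tenant actually logs; a legitimate issuer will normally fail both suffix checks and produce no alert.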
#MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D #KQL #MustLearnKQL
KQL Queries Behind the Microsoft Sentinel Overview Page https://rodtrent.com/web
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #KQL #MustLearnKQL
Email-EOP-Detection-DailyPercentage.yaml - This query shows the daily percentage of EOP detections.
#KQL #MustLearnKQL #MicrosoftDefender #Security #MicrosoftSecurity #Cybersecurity #M365D
Saas-Ransomware-0mega-hunting.kql - Detection queries for 0mega ransomware infecting SharePoint. https://rodtrent.com/m80
#MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #KQL #MustLearnKQL
Did you know Kindle Unlimited subscribers can read Must Learn KQL for free?
Getting GEO Information for IP Addresses without Using a Microsoft Sentinel Playbook https://rodtrent.com/iz5
#MustLearnKQL #KQL #MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security
Love the new geo_info_from_ip_address() function https://rodtrent.com/iue
General availability: New KQL function to enrich your data analysis with geographic context https://rodtrent.com/hba
5 Signs that You're a Must Learn KQL Addict https://rodtrent.com/bvv
And the beat goes on. Almost 2 years after starting the Must Learn KQL series, I just finished delivering certificates for the latest completions for the first day of June 2023.
Congrats all!
Spent some time today moving the Must Learn KQL learning series off the old blogs (don't trust them to stick around). The move won't affect anything. All links still available at: https://aka.ms/MustLearnKQL
Easy Way to Build KQL Query Templates for Azure Services https://rodtrent.com/ucr
Just getting started learning KQL? Start here: https://aka.ms/MustLearnKQL
Now over 3,000 served!
Understanding the Intricacies of AAD Sign-In Logs to Detect MFA Fatigue Attacks https://rodtrent.com/7mn
#Security #MicrosoftSecurity #Cybersecurity #MustLearnKQL #KQL
Case 1 in the books! https://www.credly.com/badges/efa97e16-4976-41c9-8611-55d9fa829827/public_url
Season 2 is shaping up to be epic. https://rodtrent.com/4b6