Matt Zorich 6/21/2022

KQL lessons learnt from #365daysofKQL

The author reflects on completing a #365daysofKQL challenge, sharing insights gained from writing a hunting query every day for a year. Key lessons include the importance of practice for improving query readability and efficiency, developing repeatable query patterns for different log sources, and safely simulating adversary techniques (like consent phishing) using your own account to generate and test detection alerts. The article provides a practical example of building a KQL query for Azure AD audit logs.
