Analyzing Workload Identity Activity Through Token-Based Hunting
A technical guide on using KQL queries to hunt for suspicious activity and token theft targeting workload identities in Microsoft Entra.
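As an added example of the kind of token-based hunt the guide covers (this query is not from the original page), the query below flags workload identities whose successful sign-ins come from an IP address not seen for that service principal in the previous 14 days, a common signal of a replayed or stolen token. It assumes the Entra service principal sign-in export to Log Analytics / Sentinel (table AADServicePrincipalSignInLogs with ServicePrincipalId, ServicePrincipalName, IPAddress, ResultType and ResourceDisplayName); the lookback and window values are assumptions to tune per tenant.

```kql
// Added example, not the page's own query.
// Hunt: service principals signing in from an IP address that is new for that
// principal. Assumes the AADServicePrincipalSignInLogs table as exported from
// Microsoft Entra; window/lookback are assumed values, tune them per tenant.
let lookback = 14d;   // baseline period used to learn "known" IPs per principal
let window = 1d;      // period being hunted
// Baseline: (principal, IP) pairs with at least one successful sign-in
let known = AADServicePrincipalSignInLogs
    | where TimeGenerated between (ago(lookback + window) .. ago(window))
    | where ResultType == "0"
    | summarize by ServicePrincipalId, IPAddress;
// Hunt window: successful sign-ins whose (principal, IP) pair is absent from the baseline
AADServicePrincipalSignInLogs
| where TimeGenerated > ago(window)
| where ResultType == "0"
| join kind=leftanti known on ServicePrincipalId, IPAddress
| summarize FirstSeen = min(TimeGenerated),
            SignIns = count(),
            Resources = make_set(ResourceDisplayName, 20)
    by ServicePrincipalId, ServicePrincipalName, IPAddress
| order by FirstSeen desc
```

A principal that normally signs in only from a fixed set of egress addresses and suddenly appears from an unrelated IP, especially against resources it had not accessed before, deserves a credential or certificate review; managed identities can be checked the same way against AADManagedIdentitySignInLogs. The leftanti join keeps the hunt cheap because only rows with no baseline match survive it.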
Explains the power of Kusto Query Language (KQL) for fast data analysis in Azure, including use cases and integration with Azure Copilot.
A guide on using KQL to query a Managed Metadata term and its child terms in SharePoint Online Search, including field mapping and practical examples.
A tool for generating Kusto Query Language (KQL) datatables, based on an existing variable generator.
A guide on documenting and organizing Kusto Query Language (KQL) code using comments, docstrings, and folders for better maintainability.
A guide to ingesting custom data like VM tags, script outputs, and application logs into Azure Log Analytics for enhanced monitoring and alerting.
Guide to creating a dynamic Azure alert for AKS node pools that triggers when a pool reaches its maximum autoscaling node count.
A technical guide on deploying Azure Managed Grafana and using it with VNet Flow Logs and KQL to create network traffic dashboards.
A technical workshop explaining Kusto Graph (Kraph) semantics for security analysis, including lab setup with Sentinel, Sysmon, and KQL.
Explains how to use KQL Graph semantics in Microsoft security tools to identify lateral movement paths between users, computers, and groups.
Announcing a free in-person workshop on Azure IoT basics, dashboarding, and data exploration using Azure IoT Hub and Data Explorer at the BitBash event.
Explores methods for handling Change Data Capture (CDC) patterns from IoT devices within Azure Data Explorer for data analysis.
Explains how to use datasets as parameters in Azure Workbooks to combine data from Log Analytics, Resource Graph, and APIs for advanced analytics.
Azure Resource Graph can now be queried directly from Log Analytics, enabling new KQL capabilities and integration for alerts.
Azure Resource Graph now includes Policy Exemptions data, enabling cloud-scale queries and analysis with KQL examples provided.
Explains how to handle JSON arrays in Kusto Query Language (KQL) using mv-expand and mv-apply, focusing on Azure AD Conditional Access policy data.
A guide to creating data visualizations using KQL in Azure services like Sentinel and Log Analytics, with practical examples.
A security engineer shares key lessons and query patterns learned from a year-long #365daysofKQL challenge, focusing on threat hunting and log analysis.
Using KQL queries to analyze Azure AD logs for better tenant management, covering users, service principals, and security.
A guide to using KQL aggregation functions like count() and dcount() in Microsoft Sentinel/Log Analytics to summarize and analyze security alert data.