Bartosz Wysocki

The KQL User Audit Playbook: Your Template for Investigations

Alright, class. Take your seats. It’s 3 PM on

The KQL Playbook (Play #5): The Anomaly Play - Finding the 'Weird'

Alright, class. Take your seats. In our last beginner session,

The KQL Playbook (Play #4): The Correlation Play - Joining Tables and Enriching Data

Alright, class. Take your seats. In our last play, we

The KQL Playbook (Play #3): Mastering Strings, Timestamps, and Ugly JSON

Alright, class. Welcome back to the KQL Playbook. In our

The KQL Playbook (Play #2): Mastering the Matching Game

Alright, class. Welcome back to the KQL playbook. In our

The Self-Updating Watchlist: Automating Sentinel with Logic Apps & Graph API

Alright, class. Let's talk about one of the

Unlocking Sentinel's True Power: A Guide to the Graph API and Logic Apps

Alright, class. You've built playbooks. You've

Herding Cats with Sentinel: An In-Depth Guide to Workspace Manager

Alright, class. In a previous lesson, we discussed the "

The 7 Deadly Sins of a Microsoft Sentinel Deployment

Alright, class. You've read the guides, you'

Beyond the Basics: Forging Your Own Custom Detections in Defender XDR

Alright, class. You've started to notice something. Sentinel