User Audit Investigation Workbook: Deploy in Minutes, Investigate in Seconds
All right class. This is the workbook I wish people

KQL User Audit Playbook V2: The Insider Threat Investigation Guide
All right class. This is a continuation of my previous

Teams Threat Protection: What Actually Changed and What You Can Actually Hunt
All right class. Your SOC has limited visibility into Teams.

Hunting in Microsoft Sentinel: What Hunting Actually Is and Why You Need It
Terminology matters here. Microsoft uses these words in specific ways,

Beauty of Data Visualization in Microsoft Sentinel Using KQL
Welcome back, class. Tables are useless at scale. You know

Fixing Microsoft's Azure Brute Force Detection: Why Their Template Fires Constantly (And What You Should Change)
All right class. Microsoft ships an out-of-the-box analytic rule for

Building a Brute Force Detection Query: How To Think Through Network Logon Failures
All right class, take your seats. This post is about

Continuous Export to Log Analytics: Getting Defender for Cloud Data Where You Need It
Alright, class. You've got Defender for Cloud on.

The KQL User Audit Playbook: Your Template for Investigations
Alright, class. Take your seats. It’s 3 PM on

The KQL Playbook (Play #5): The Anomaly Play - Finding the 'Weird'
Alright, class. Take your seats. In our last beginner session,