Fixing Microsoft's Azure Brute Force Detection: Why Their Template Fires Constantly (And What You Should Change)
All right class. Microsoft ships an out-of-the-box analytic rule for

Building a Brute Force Detection Query: How To Think Through Network Logon Failures
All right class, take your seats. This post is about

Continuous Export to Log Analytics: Getting Defender for Cloud Data Where You Need It
Alright, class. You've got Defender for Cloud on.

The KQL User Audit Playbook: Your Template for Investigations
Alright, class. Take your seats. It’s 3 PM on

The KQL Playbook (Play #5): The Anomaly Play - Finding the 'Weird'
Alright, class. Take your seats. In our last beginner session,

The KQL Playbook (Play #4): The Correlation Play - Joining Tables and Enriching Data
Alright, class. Take your seats. In our last play, we

The KQL Playbook (Play #3): Mastering Strings, Timestamps, and Ugly JSON
Alright, class. Welcome back to the KQL Playbook. In our

The KQL Playbook (Play #2): Mastering the Matching Game
Alright, class. Welcome back to the KQL playbook. In our

Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)
Alright, class. Let's talk about the crown jewels

Sentinel's Built-in Consultant: An In-Depth Guide to SOC Optimization
Alright, class. You've built your security operations center