The KQL User Audit Playbook: Your Template for Investigations
Alright, class. Take your seats.
It’s 3 PM on
Microsoft Sentinel
Microsoft Sentinel
The KQL Playbook (Play #5): The Anomaly Play - Finding the 'Weird'
Alright, class. Take your seats.
In our last beginner session,
The KQL Playbook (Play #4): The Correlation Play - Joining Tables and Enriching Data
Alright, class. Take your seats.
In our last play, we
The KQL Playbook (Play #3): Mastering Strings, Timestamps, and Ugly JSON
Alright, class. Welcome back to the KQL Playbook.
In our
The KQL Playbook (Play #2): Mastering the Matching Game
Alright, class. Welcome back to the KQL playbook.
In our
The Self-Updating Watchlist: Automating Sentinel with Logic Apps & Graph API
Alright, class.
Let's talk about one of the
Herding Cats with Sentinel: An In-Depth Guide to Workspace Manager
Alright, class.
In a previous lesson, we discussed the "
Beyond the Basics: Forging Your Own Custom Detections in Defender XDR
Alright, class.
You've started to notice something. Sentinel
Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)
Alright, class.
Let's talk about the crown jewels
The "Undo" Button for Sentinel Logs: An In-Depth Guide to Purging Data
Alright, class.
Let's talk about the "I