Threat Hunting

Building a Brute Force Detection Query: How To Think Through Network Logon Failures

All right, class, take your seats. This post is about

Continuous Export to Log Analytics: Getting Defender for Cloud Data Where You Need It

Alright, class. You've got Defender for Cloud on.

The KQL User Audit Playbook: Your Template for Investigations

Alright, class. Take your seats. It’s 3 PM on

The KQL Playbook (Play #4): The Correlation Play - Joining Tables and Enriching Data

Alright, class. Take your seats. In our last play, we

The KQL Playbook (Play #3): Mastering Strings, Timestamps, and Ugly JSON

Alright, class. Welcome back to the KQL Playbook. In our

Hunting Ransomware in Storage Accounts (When You Can't Afford Defender)

Alright, class. Let's talk about the crown jewels

Microsoft Threat Intelligence: Giving Your Sentinel a Brain

Alright, class. Let's talk about the first question

Sentinel's Endgame Gear: Sentinel Data Lake

Alright, class. You’ve tamed your monthly Azure bill. You

The KQL Playbook (Play #1): A Beginner's Guide to Talking to Your Data

Alright, class. You've done it. You've