My colleague Nathan Swift (@SwiftSolves) sent me a note yesterday about a tool that I wasn’t aware of, but haven’t been able to stop using since. RealTimeKQL gives you the ability to use KQL queries locally to retrieve event transaction information in <ahem> “real time.”
This is a great way to capture specific event IDs, file paths, and other valuable information that can be used to monitor processes on a specific endpoint as the events happen.
RealTimeKQL on GitHub: https://github.com/microsoft/KqlTools
Demo:
=========================
[Want to discuss this further? Hit me up on Twitter or LinkedIn]