Thanks to the power of using DevOps for publishing, the Must Learn KQL series and its artifacts can stay fresh and constantly up to date. I mentioned on Twitter and other social media places over the last week that the entire series has been updated. So, I wanted to set that message in stone by … Continue reading Must Learn KQL Updates – July 22, 2022
Category: KQL
The Must Learn KQL Community Discussion Board
Among all the myriad of cool things that the Must Learn KQL series has birthed, there's now also a Community Discussion board available. The Discussion board is designed to enable Q&A, feedback, ongoing discussions, code posts, polls, and on and on. Must Learn KQL Discussion Board Jump out to the following link to get engaged … Continue reading The Must Learn KQL Community Discussion Board
RSA 2022 Interview on Sentinel Automation and Repositories and KQL
RSA 2022 was a wonderful event for me and for Microsoft, in general. We have a really awesome security story to tell, and the RSA crowd was a very welcoming group. I look forward to next year. During the event, I was fortunate enough to be selected by our good friends at Tiberium to talk … Continue reading RSA 2022 Interview on Sentinel Automation and Repositories and KQL
Spice Up Your Microsoft Sentinel KQL Query Results with Emoji
Here's a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and columns of data to sift through, have a little fun with it. Did you know that KQL supports emoji? Emoji in KQL? Say it isn't so!! It has to … Continue reading Spice Up Your Microsoft Sentinel KQL Query Results with Emoji
Must Learn KQL Now Available from Amazon
The Must Learn KQL series has been a success with over 700 completion certificates delivered so far and many thousands more who have gone through the course or are still progressing through. I fully expect to see over 1,000 certificates delivered soon. And this has all been through just word of mouth and focused directly on … Continue reading Must Learn KQL Now Available from Amazon
The Microsoft Security Insights Podcast is Coming to Microsoft Reactor
For fans of the weekly Microsoft Security Insights podcast, Frank, Edward, Brodie, and I have some awesome news to share. The popularity of the podcast continues to grow. Not only is the listener audience in an exploding growth spurt, but there are many security experts coming out of the woodwork asking to come on the … Continue reading The Microsoft Security Insights Podcast is Coming to Microsoft Reactor
Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs
The Addicted to KQL series is an ongoing, advanced series for KQL. For beginning topics, don't start here. Instead, see the original Must Learn KQL series. The series TOC along with the currently completed chapters, sample queries, series images, and even the series eBook will always be located at the following shortlink: https://aka.ms/Addicted2KQL I have a … Continue reading Addicted to KQL Part 0: The Wit and Wisdom of Standard Columns in Azure Monitor Logs
Create and Maintain Your Own KQL Demo Environment with the New Start-for-free Cluster
As we continue efforts to ensure KQL is accessible to everyone (regardless of whether or not an Azure subscription is required), a new Start-for-free Cluster program has been publicly released. This cluster can be used for learning, for evaluation, or if you're like me, as a hobby to get extra keen on data science. All … Continue reading Create and Maintain Your Own KQL Demo Environment with the New Start-for-free Cluster
Take the Assessment, Get Your Must Learn KQL Certificate
The Must Learn KQL series has reached its completion, but that doesn't mean it's over. In March, I'll kick off the next step in KQL learning in an advanced series called Addicted to KQL. For those just catching on, the Must Learn KQL series has educated close to 5,000 people since it started in November … Continue reading Take the Assessment, Get Your Must Learn KQL Certificate
The Unified Microsoft Sentinel and Microsoft 365 Defender Repository
As products and services always continue to align, it's great to see movement in areas that provide pure value. The Microsoft Sentinel GitHub repository has now made room to house Microsoft 365 Defender Hunting queries. KQL is the tie that binds these two security services, and because of that, Hunting queries for Microsoft 365 … Continue reading The Unified Microsoft Sentinel and Microsoft 365 Defender Repository