
#kql

Latest posts tagged with #kql on Bluesky


Posts tagged #kql

Microsoft Fabric Realtime Intelligence: Processing XML, or are you? I've been working for quite some time on a fun solution in Fabric Realtime Intelligence. We're processing XML files into a structured table. As you're probably aware, XML has its own... well, let's be nice and call them challenges. One thing I ran into was that an element contained several other elements. Usually, you'll see them in an array, but in this case, it wasn't.

Blog alert!

A short one this time, on a nice find processing XML data in Realtime Intelligence.

#MicrosoftFabric
#RealtimeIntelligence
#XML
#Kusto
#KQL
#EventHouse

bARGE - boosted Azure Resource Graph Explorer - Visual Studio Marketplace Extension for Visual Studio Code - bARGE is a boosted Azure Resource Graph Explorer for Visual Studio Code, with features for comparison and insights into KQL results.

bARGE is updated! Our favorite #VSCode #KQL extension for #Azure #ResourceGraph now supports

* Over 1000 rows (previous limit)
* Frozen header row when scrolling
* In-file query buttons with CodeLens
* Tabs to keep multiple query results

Check it out! 🏴‍☠️
marketplace.visualstudio.com/items?itemNa...


When you're ready to take your KQL to the next level: Advanced Must Learn KQL.

The book too large to print. eBook available now: https://amzn.to/4txG0qv

#MustLearnKQL #KQL #KQLMysteries

Running KQL queries on Microsoft Defender for Endpoint through Azure Automation In this post we will see how to run KQL queries on Microsoft Defender for Endpoint through Azure Automation, PowerShell, and Graph API

Running KQL queries on Microsoft Defender for Endpoint through Azure Automation www.systanddeploy.co...

#MustLearnKQL #KQL #KQLMysteries


MCP permissions seem to be missing in #Entra portal so I made a quick #KQL detection to detect when MCP permissions are added:

github.com/jkerai1/KQL-...

Exciting News: Join the Beta for the Must Learn KQL Mobile App! Because Your Data Won't Query Itself... Unless It's Feeling Particularly Sassy Today!

We're looking for even more beta testers! Join the fun, get all the rewards! All you need is the link and an iOS device.

Exciting News: Join the Beta for the Must Learn KQL Mobile App! rodtrent.substack.co...

#MustLearnKQL #KQL #KQLMysteries

Preview
Analyzing Workload Identity Activity Through Token-Based Hunting This post introduces the MicrosoftCloudWorkloadActivity KQL function and shows how to hunt token-based activity of workload identities across Microsoft cloud workloads. It covers key parameters, filte...

[New blog post] Analyzing #MicrosoftEntra 🤖 Workload Identity Activity Through 🪙 Token-Based Hunting: I’ve published a #KQL function to hunt activities by tokens from non-human identities and share some experimental queries and insights in this article.
www.cloud-architekt.net/token-huntin...


Introducing the Must Learn KQL Learning Hub: Your AI-Powered Interactive KQL Companion rodtrent.substack.co...

#MustLearnKQL #KQL #KQLMysteries


Must Learn KQL now has its own APP!! Full blog post coming on Wednesday, but for those that like tinkering and digging into code, you can get it right now: github.com/rod-trent...

Free and open source.

#MustLearnKQL #KQL #KQLMysteries

🛠️ Kql Toolbox #5: Phishing & Malware Hunting Welcome back to KQL Toolbox 👋 In KQL Toolbox #1, we learned how to measure Microsoft Sentinel ingest and translate it into real operational dollars. In KQL Toolbox #2, we identified which data sources were driving that cost. In KQL Toolbox #3, we drilled all the way down to specific...

🛠️ Kql Toolbox #5: Phishing & Malware Hunting www.hanley.cloud/202...

#MustLearnKQL #KQL #KQLMysteries

🛠️ Kql Toolbox #4: What Changed? Finding Log Sources With The Biggest Delta In Volume & Cost Welcome back to KQL Toolbox 👋 In KQL Toolbox #1, we learned how to measure Microsoft Sentinel ingest and translate it into real dollars. In KQL Toolbox #2, we identified which data sources were driving that cost. And in KQL Toolbox #3, we drilled all the way down to specific...

🛠️ Kql Toolbox #4: What Changed? Finding Log Sources With The Biggest Delta In Volume & Cost www.hanley.cloud/202...

#MustLearnKQL #KQL #KQLMysteries

FileMaliciousContentInfo table in the advanced hunting schema - Microsoft Defender XDR Learn about the FileMaliciousContentInfo table of the advanced hunting schema

FileMaliciousContentInfo is a newly introduced 🔍 #AdvancedHunting table for 🛡️ Microsoft Defender for Office 365, currently available in Public Preview.

🔗 More info: learn.microsoft.com/en-us/defend...

#MicrosoftSecurity #MicrosoftDefender #DefenderXDR #KQL #KustoQuery

🛠️ Kql Toolbox #3: Which Event Id Noises Up Your Logs (and Who’s Causing It)? Welcome back to KQL Toolbox 👋 Welcome back to the DevSecOpsDad KQL Toolbox series! In the last entry KQL Toolbox #2, we zoomed in on log source cost drivers—using _IsBillable and _BilledSize to identify which tables, severities, and Event IDs were burning the most money in Microsoft Sentinel. 👉 This...

🛠️ Kql Toolbox #3: Which Event Id Noises Up Your Logs (and Who’s Causing It)? www.hanley.cloud/202...

#MustLearnKQL #KQL #KQLMysteries #MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #DefenderXDR


Microsoft Intune: Analyze Intune Logs with Kusto Query Language (KQL)!
@microsoft.com @mvpaward.bsky.social @msintune.bsky.social #Microsoft #kql #intune #mvpbuzz #coolstuff
👇👇👇👇
github.com/tomwechsler/...

🛠️ Kql Toolbox #1: Track & Price Your Microsoft Sentinel Ingest Costs KQL Toolbox is officially live! As part of this new KQL Toolbox series, I bring you practical, reusable KQL snippets straight from the trenches of real-world Microsoft Sentinel work. Think of it as your regular “KQL vitamin:” small dose, big impact. And today we’re kicking things off with the one...

🛠️ Kql Toolbox #1: Track & Price Your Microsoft Sentinel Ingest Costs www.hanley.cloud/202...

#MustLearnKQL #KQL #KQLMysteries #MicrosoftSentinel #Cybersecurity #MicrosoftSecurity #Security #DefenderXDR


KustoHawk is a PowerShell triage tool for Defender XDR/Sentinel that runs Graph API runHuntingQuery KQL across environments, aggregates device and identity hits, and exports HTML/CSV for investigations. #tool #KQL #DefenderXDR https://bit.ly/48C7mmV

Finding and Writing KQL Queries with the Model Context Protocol If you work with Microsoft security products, you've probably spent time writing KQL queries. You might search through documentation, look at examples on GitHub, or copy queries from colleagues. KQL-Search-MCP Server makes this easier by bringing query search and generation directly into AI assistants like Claude Desktop, GitHub Copilot, ChatGPT

Finding and Writing KQL Queries with the Model Context Protocol sentinel.blog/findin...

#MustLearnKQL #KQL #KQLMysteries


🎙️ With Yoan Schinck on threat hunting in KQL!

On the menu:
• Threat hunting workshop in Microsoft Sentinel
• Detecting service account abuse

🎧 Web: bit.ly/4oBulU1
🎧 Spotify: bit.ly/4iFhO0a
🎧 YouTube: bit.ly/48z6649

#Cybersécurité #ThreatHunting #KQL #SOC


Watching the session from @ericberg.de at #CloudBrew ! Nice talk about #Azure #Monitor with #Copilot and #KQL!


Day 6 of our Education Advent! ⚡
Kusto Query Language powers fast, scalable real-time analytics.

📘 KQL basics: learn.microsoft.com/azure/data-e...

📝 Community intro by #KQL experts: kusto.blog


What I was writing one year ago today...

The KQL Mysteries Season 1: Chapter 2 rodtrent.substack.co...

#MustLearnKQL #KQL #KQLMysteries


Who remembers from 2 years ago when I combined fiction with KQL?

The KQL Mysteries Season 1: Chapter 1 rodtrent.substack.co...

#MustLearnKQL #KQL #KQLMysteries

Black Friday Mega savings on KQL courses for threat hunting, detection engineering, and incident response.

🔥 #BlackFriday discounts are live🔥
➤ 35% OFF all #KQL courses for threat hunting, detection engineering, and incident response.

#ThreatHunting #DetectionEngineering #DFIR #incidentresponse #CyberSecurity #InfoSec

👉academy.bluraven.io/blackfriday2...

Release v1.4.0 · NeilMacMullen/kusto-loco

Core
* implement ipv4_is_private - thanks to @Null0x47 🚀
* Fix issue where timespans over 24d were not serialised correctly by ParquetSerializer
* Remove Nlog dependency
* Update other dependencies

It's been a while but new Kusto-Loco release. Not a lot of changes in this but it does fix a minor issue with TimeSpan serialisation for Parquet files...

#KQL

github.com/NeilMacMulle...


Disabling a user account during a security incident removes them from all Microsoft Teams. Private channel membership is not automatically restored. This #KQL query lists all private channels the user was removed from.

github.com/lorisAmbrozz...

Mastering Microsoft Entra Authentication Contexts - Part 4: Monitoring and Reporting with KQL & M365IdentityPosture We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’s time to answer the next question - how do we monito...

The final part in my Entra Authentication Contexts series is out! Learn how to monitor & report with KQL and a new PowerShell module, M365IdentityPosture. Gain visibility, track usage and strengthen governance.

👉 www.chanceofsecurity.com/post/masteri...

#MSEntra #PowerShell #KQL #M365Security


🔍 Ready to take your KQL skills to the next level? Advanced Must Learn KQL breaks down complex queries into simple, actionable steps. Perfect for data analysts and engineers! Get your copy today. 💻
🔗 https://amzn.to/3VDrEFs #KustoQuery #DataEngineering #TechLearning #MustLearnKQL #KQL


🚀 Master Kusto Query Language with Advanced Must Learn KQL! Dive into expert tips, real-world examples, and advanced techniques to supercharge your data analytics skills. Get your copy today and start querying like a pro! 📊
🔗 https://amzn.to/3VDrEFs #KQL #DataAnalytics #LearnKQL #MustLearnKQL


📖 Unlock the full potential of Kusto Query Language with Advanced Must Learn KQL. Learn advanced techniques, optimize queries, and boost your career in data analytics. Don’t wait—grab your copy now! 🚀
🔗 https://amzn.to/3VDrEFs #LearnKQL #DataSkills #TechBooks #MustLearnKQL #KQL #KQLMysteries
