• Anatomy Of A KQL Query Part 2

    Introduction and Use Case: Continuing from a previous post, today we’ll dissect even more simple but powerful KQL queries that are essential to keep in your threat-hunting utility belt. Recap: In my last post, we broke down some helpful, basic KQL queries and syntax: Defining table to query against...
• Anatomy Of A KQL Query Part 1

    Introduction and Use Case: Whether you’re new on the SOC or a seasoned Sentinel Ninja, here are some basic queries I keep coming back to when investigating anything odd about my ingest patterns (and thus my overall cost). Query Breakdown So how do you know something is “odd” with your...