Blog alert!

This time, a way to handle arrays that only have one element in KQL. A follow-up to the previous blog on XML and JSON.

#MicrosoftFabric
#ADX
#Kusto
#KQL
#JSON
#XML
#DataEngineer

http://sqlreitse.com/2026/03/17/microsoft-realtime-intelligence-the-array-that-wasnt/

Microsoft Realtime Intelligence: the array that wasn’t

In a previous blog, I wrote about processing XML and that it’s actually JSON after the first pass. So far, so good. But then I found out that not all data was returned. That’s weird bec…

Reitse's blog
Microsoft Fabric Realtime Intelligence: Processing XML, or are you?

I’ve been working for quite some time on a fun solution in Fabric Realtime Intelligence. We’re processing XML files into a structured table. As you’re probably aware, XML has its …

Reitse's blog
Microsoft Defender for Endpoint Deep Dive: Part 1

Uncover the technology stack behind Microsoft's most critical security component - from behavioral sensors and cloud analytics to automated investigation capabilities that redefine endpoint protection

CyberBoo

🎙️ With Yoan Schinck on threat hunting in KQL!

On the menu:
• Threat hunting workshop in Microsoft Sentinel
• Detecting service account abuse
• How to build a homelab with just 2 VMs and free tools

His philosophy: master the concepts, the syntax comes afterwards.

🎧 Web: https://polysecure.ca/posts/episode-0x673.html#db0bb2c2
🎧 Spotify: https://open.spotify.com/episode/1jBpkTICSTl60b2T2AMyPA?si=UjbrTZYQSFygVHm68VAWjw
🎧 YouTube: https://youtu.be/xooV2tQ4dy8

#Cybersécurité #ThreatHunting #KQL #SOC

🕵️‍♂️ KQL is both a science and an art.

If you’ve ever felt your Sentinel queries were running slow or costing more than they should, you’re not alone.
This week’s #SentinelSaturdays covers how to write leaner, faster, more efficient KQL queries with practical examples you can use today.

🔗 Read the full walkthrough here: https://marshsecurity.org/sentinel-skills-saturday-edition-one/

Share your comments 👇
What’s YOUR top KQL tip or favourite optimisation trick?

Let’s build a thread of practical advice for the hunting community.
#MicrosoftSentinel #KQL #ThreatHunting #SecurityOperations

I'm starting to work with #Microsoft #Sentinel, so I want to teach myself the basics of #KQL. There's a tutorial: https://learn.microsoft.com/en-us/kusto/query/tutorials/learn-common-operators . It sends me to https://learn.microsoft.com/en-us/fabric/real-time-intelligence/sample-gallery to get the sample data.
I follow the instructions and end up with data that doesn't match the tutorial so none of the queries in the tutorial work (the query expects a table "StormEvents", the data has "Weather" instead).
This is the first experience Microsoft gives to people trying to learn their technology.
smdh
Tutorial: Learn common Kusto Query Language operators - Kusto

This tutorial describes how to write queries using common operators in the Kusto Query Language to meet common query needs.

How to Use Azure Monitor to Gain Insights and Ensure Application Health

In modern cloud environments, maintaining the health and performance of applications is critical. Azure Monitor provides a full-stack monitoring solution that enables organizations to track metrics, diagnose issues, and gain deep insights into their applications and infrastructure. #azuremonitor #CloudMonitoring #ContainerInsights #devops #kql #loganalytics #sentinel #siem #threatdetection

https://azuretracks.com/?p=2781

Hello everyone! I've been able to update my SOC-Ressources repository with quite a few new things 🥳

For 2 years now I have been trying, little by little, to build a "control tower" for the SOC analyst, with a free list where anyone can find resources to investigate, triage and build skills for this kind of role.

https://github.com/DXC-0/SOC-Ressources

It is aimed at newcomers as much as at more experienced analysts. Feel free to share it widely, that's the goal, and to send me feedback; I'm always happy to hear about possible improvements. 😁

If you have tools you'd like listed in it, likewise, I'm interested.

On that note, have a good weekend 🎩

------------------------------------------------------------------------

Hello, everybody! I have been able to update my SOC-Resources repository with a lot of new things.

I am gradually trying to create a "Control Tower" for the SOC analyst, with a free list where anyone will be able to find resources to investigate, qualify and improve their skills.

This applies as much to newcomers as to the more experienced. Don't hesitate to share it widely, that's the goal, and to give feedback; it's always with pleasure that I will listen to possible improvements.

#Github #SOC #SOCAnalyst #BlueTeam #Ressources #Free #Ressources #Cybersécurity #Tools #Courses #Malwares #Reverse #Engineer #IT #SIEM #EDR #AQL #SPL #KQL #Hunting #ThreatHunting #IOC #CTI #intelligence

GitHub - DXC-0/SOC-Ressources: Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring.

Repository for SOC analysts, queries to investigate, advanced hunting, sites for analysis, malware samples, courses to improve skills, IOC and monitoring. - DXC-0/SOC-Ressources

GitHub
Demystifying Anomaly Detection in Microsoft Sentinel using KQL | Microsoft Community Hub

In this article, we break down the math behind anomaly detection, explain it in simple terms, and walk through practical use cases using sample data such as...

TECHCOMMUNITY.MICROSOFT.COM

#KQL query that looks for network connections to these domains via #MDE DeviceNetworkEvents (Connection or DNS Query).

https://github.com/SecurityAura/DE-TH-Aura/blob/main/Defender%20for%20Endpoint/ExternalData%20-%20Network%20Connection%20to%20Tycoon2FA%20Domain.md

Huge thanks to @racwatchin8872 for making the data available in a way that can be accessed via externaldata 🙏

DE-TH-Aura/Defender for Endpoint/ExternalData - Network Connection to Tycoon2FA Domain.md at main · SecurityAura/DE-TH-Aura

Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration). - SecurityAura/DE-TH-Aura

GitHub