Demystifying Anomaly Detection in Microsoft Sentinel using KQL | Microsoft Community Hub

In this article, we break down the math behind anomaly detection, explain it in simple terms, and walk through practical use cases using sample data such as...

TECHCOMMUNITY.MICROSOFT.COM

#KQL query that looks for network connections to these domains via #MDE DeviceNetworkEvents (Connection or DNS Query).

https://github.com/SecurityAura/DE-TH-Aura/blob/main/Defender%20for%20Endpoint/ExternalData%20-%20Network%20Connection%20to%20Tycoon2FA%20Domain.md

Huge thanks to @racwatchin8872 for making the data available in a way that can be accessed via externaldata 🙏

DE-TH-Aura/Defender for Endpoint/ExternalData - Network Connection to Tycoon2FA Domain.md at main · SecurityAura/DE-TH-Aura

Repository where I hold random detection and threat hunting queries that I come up with based on different sources of information (or even inspiration). - SecurityAura/DE-TH-Aura

GitHub
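The pattern the post describes, written out as an added Advanced Hunting example (this is not the query from the DE-TH-Aura repository): load a domain list with externaldata() and match it against DeviceNetworkEvents for both connection and DNS inspection events. The CSV URL is a placeholder, and the assumption that DNS inspection events carry the queried name in AdditionalFields.query is labelled in the code; point the URL at the real feed before running it.

```kql
// Added example (not the DE-TH-Aura query): match a domain list loaded with
// externaldata() against Defender for Endpoint DeviceNetworkEvents.
// Assumptions: the CSV URL is a placeholder (one domain per row, header row present);
// DNS inspection events carry the queried name in AdditionalFields.query.
let KnownDomains =
    externaldata(Domain: string)
    [@"https://example.invalid/tycoon2fa-domains.csv"]
    with (format="csv", ignoreFirstRecord=true)
    | where isnotempty(Domain)
    | extend Domain = tolower(trim(@"\s", Domain))
    | distinct Domain;
let Events =
    DeviceNetworkEvents
    | where Timestamp > ago(7d)
    // Connection events put the host in RemoteUrl (bare host or full URL);
    // DNS inspection events put the queried name in AdditionalFields (assumed field name).
    | extend RemoteHost = tolower(coalesce(
          extract(@"^(?:[a-z]+://)?([^/:]+)", 1, RemoteUrl),
          tostring(parse_json(AdditionalFields).query)))
    | where isnotempty(RemoteHost)
    // Last two labels of the host, so subdomains of a listed domain also match.
    | extend ParentDomain = strcat_array(array_slice(split(RemoteHost, "."), -2, -1), ".");
union
    (Events | join kind=inner (KnownDomains) on $left.RemoteHost == $right.Domain),
    (Events | join kind=inner (KnownDomains) on $left.ParentDomain == $right.Domain
            | where RemoteHost != Domain)   // exact matches are already in the first branch
| summarize FirstSeen = min(Timestamp), LastSeen = max(Timestamp), EventCount = count(),
            ActionTypes = make_set(ActionType), RemoteIPs = make_set(RemoteIP)
    by DeviceName, InitiatingProcessFileName, InitiatingProcessAccountName, RemoteHost, Domain
| order by LastSeen desc
```

The two-branch union is there because a join key cannot express "equals or is a subdomain of"; computing the parent domain once and joining on it keeps the query cheap compared with a cross join against the whole list. If the feed contains hosts deeper than two labels, add those as exact entries, since the parent-domain branch only covers the registrable domain.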

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules 🕵️‍♂️

https://github.com/Bert-JanP/Hunting-Queries-Detection-Rules

#infosec #cybersecurity #threatintel #threathunting #azure #sentinel #kql

GitHub - Bert-JanP/Hunting-Queries-Detection-Rules: KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules.

KQL Queries. Defender For Endpoint and Azure Sentinel Hunting and Detection Queries in KQL. Out of the box KQL queries for: Advanced Hunting, Custom Detection, Analytics Rules & Hunting Rules. ...

GitHub

Use an Azure Managed Identity for Fluent Bit’s Azure Data Explorer output plugin on Azure Kubernetes Service – Daniel's Tech Blog

🚨 Test your Lateral Movement investigation skills!

I have just added a new challenge to my FREE "Hands-On Introduction to KQL for Security Analysis" course!

You can even test your AI agents' skills 😉

#KQL #Kusto #MicrosoftSentinel #MicrosoftDefender

https://academy.bluraven.io/course/introduction-to-kql-for-security-analysis

Introduction to KQL for Security Analysis

Learn the basics of KQL to start your journey into security investigations, threat hunting, and detection engineering with hands-on experience in a hyper-realistic lab environment! Certificate of Completion is included!

Blu Raven Academy

🐣 HAPPY EASTER CAPSTONE! 🛡️

My KQL courses now include a complete attack scenario to test your skills - end to end.

🎯 Hands-on labs
📉 20% OFF for a limited time!
Crack it open 👇

#KQL #Kusto #ThreatHunting #DetectionEngineering #DFIR

https://academy.bluraven.io

Home - Blu Raven Academy

Master KQL for threat hunting, detection engineering, and incident response in a hyper-realistic lab environment using real logs!

Blu Raven Academy

🎁 NEW UPDATE:

I've added a small challenge to my FREE "Hands-On Introduction to KQL for Security Analysis" course.

More will be coming soon!

#KQL #Kusto #MicrosoftDefender #MicrosoftSentinel
πŸ‘‡
https://academy.bluraven.io/course/introduction-to-kql-for-security-analysis


🚨 FREE unlimited lab access to "Introduction to KQL for Security Analysis" course!

Thrilled to announce that my Intro to KQL for Security Analysis lab environment is now completely free with no time restrictions!

https://academy.bluraven.io/course/introduction-to-kql-for-security-analysis

#KQL #Kusto #ThreatHunting #Infosec


Detect suspicious FOCI token logins:
The included description explains what FOCI tokens are and why a hunt for them might be useful. Nice work!

https://github.com/HybridBrothers/Hunting-Queries-Detection-Rules/blob/main/Entra%20ID/DetectSuspiciousFociTokenLogins.md
#DFIR #BlueTeam #KQL

Hunting-Queries-Detection-Rules/Entra ID/DetectSuspiciousFociTokenLogins.md at main · HybridBrothers/Hunting-Queries-Detection-Rules

The purpose of this repository is to share KQL queries to help identify security misconfigurations, hunt for specific patterns, or detect malicious behavior - HybridBrothers/Hunting-Queries-Detecti...

GitHub

Enhance #CopilotStudio with actionable insights! 📊 From tracking engagement to identifying bottlenecks, these KQL queries in Azure Application Insights empower your bot to perform at its best. Optimize today for a smarter tomorrow! #KQL #AI #Azure

http://mytrial365.com/2025/03/04/using-kql-for-monitoring-and-optimizing-microsoft-copilot-studio/

Using KQL for Monitoring and Optimizing Microsoft Copilot Studio

Kusto Query Language (KQL) enables developers to monitor, analyze, and troubleshoot their Copilot implementations through Azure Application Insights. Below are some essential KQL queries designed t…

My Trial