October 7, 2022

A picture is worth a thousand words – visualizing your data.

I am a very visual person. When looking at data I love to look at the trend of that data and see if it tells a […]
September 8, 2022

Deception in Microsoft Sentinel with Thinkst Canaries

Honeypots have been around for a long time in InfoSec. The idea is that you set up some kind of infrastructure – maybe a file server […]
September 6, 2022

Improving your security baseline with KQL

One of my favourite sayings is ‘don’t let perfect be the enemy of good’. I think in cyber security, we can all be guilty of striving […]
August 25, 2022

How to Get the KQL Query Created by the New 365 Defender Query Builder

Hopefully, you didn’t miss the latest news that the new KQL Query Builder for 365 Defender is in public preview. If you did miss it, check […]
July 23, 2022

Must Learn KQL Updates – July 22, 2022

Thanks to the power of using DevOps for publishing, the Must Learn KQL series and its artifacts can stay fresh and constantly up to date. I […]
July 21, 2022

The Must Learn KQL Community Discussion Board

Among all the myriad of cool things that the Must Learn KQL series has birthed, there’s now also a Community Discussion board available. The Discussion board […]
July 7, 2022

Alert When Microsoft Sentinel Daily Ingestion Reaches a Threshold

I just wanted to take a quick moment to highlight the efforts of a community member and to make everyone aware of this potential solution. Ashok […]
July 1, 2022

RSA 2022 Interview on Sentinel Automation and Repositories and KQL

RSA 2022 was a wonderful event for me and for Microsoft, in general. We have a really awesome security story to tell, and the RSA crowd […]
June 24, 2022

Spice Up Your Microsoft Sentinel KQL Query Results with Emoji

Here’s a little-known tip that can help brighten an otherwise mundane query existence. Instead of producing the normal query results of boring and blah rows and […]
June 21, 2022

KQL lessons learnt from #365daysofKQL

If you follow my Twitter or GitHub account, you know that I recently completed a #365daysofKQL challenge, where I shared a hunting query each day for […]
June 1, 2022

Using Logic Apps and Microsoft Sentinel to alert on expiring Azure AD Secrets

Azure AD app registrations are at the heart of the Microsoft Identity Platform, and Microsoft recommend you rotate secrets on them often. However, there is currently […]
May 20, 2022

Must Learn KQL Now Available from Amazon

The Must Learn KQL series has been a success with over 700 completion certificates delivered so far and many thousands more who have gone through the […]