DevSecOpsDad

Welcome back to KQL Toolbox 👋 Last week in KQL Toolbox #5, we went full threat-hunter mode — tracking phishing and malware campaigns across domains, senders, and payload patterns. [Read More]

Welcome back to KQL Toolbox 👋 In KQL Toolbox #1, we learned how to measure Microsoft Sentinel ingest and translate it into real operational dollars. In KQL Toolbox #2, we identified which data sources were driving that cost. In KQL Toolbox #3, we drilled all the way down to specific... [Read More]

Welcome back to KQL Toolbox 👋 In KQL Toolbox #1, we learned how to measure Microsoft Sentinel ingest and translate it into real dollars. In KQL Toolbox #2, we identified which data sources were driving that cost. And in KQL Toolbox #3, we drilled all the way down to specific... [Read More]

Welcome back to KQL Toolbox 👋 Welcome back to the DevSecOpsDad KQL Toolbox series! In the last entry KQL Toolbox #2, we zoomed in on log source cost drivers—using _IsBillable and _BilledSize to identify which tables, severities, and Event IDs were burning the most money in Microsoft Sentinel. [Read More]

Welcome back to KQL Toolbox 👋 In the last KQL Toolbox, we zoomed out and looked at billable ingest trends over time—how many GiB per day you’re ingesting, and roughly how much that’s costing you in Microsoft Sentinel. This time, we’re zooming in. [Read More]