🛠️ Kql Toolbox #4: What Changed? Finding Log Sources With The Biggest Delta In Volume & Cost
KQL Toolbox #4: What Changed? Finding Log Sources with the Biggest Delta in Volume & Cost
[Read More]
Microsoft XDR, KQL, real-world security engineering, and other fun stuff from DevSecOpsDad, your friendly neighbourhood Attack Surface Samurai.
-
-
🛠️ Kql Toolbox #3: Which Event Id Noises Up Your Logs (and Who’s Causing It)?
Welcome back to KQL Toolbox 👋 Welcome back to the DevSecOpsDad KQL Toolbox series! In the last entry KQL Toolbox #2, we zoomed in on log source cost drivers—using _IsBillable and _BilledSize to identify which tables, severities, and Event IDs were burning the most money in Microsoft Sentinel. [Read More] -
🛠️ Kql Toolbox #2: Find Your Noisiest Log Sources (with Cost 🤑)
Welcome back to KQL Toolbox 👋 In the last KQL Toolbox, we zoomed out and looked at billable ingest trends over time—how many GiB per day you’re ingesting, and roughly how much that’s costing you in Microsoft Sentinel. This time, we’re zooming in. [Read More] -
🛠️ Kql Toolbox #1: Track & Price Your Microsoft Sentinel Ingest Costs
KQL Toolbox is officially live! As part of this new KQL Toolbox series, I bring you practical, reusable KQL snippets straight from the trenches of real-world Microsoft Sentinel work. Think of it as your regular “KQL vitamin:” small dose, big impact. And today we’re kicking things off with the one... [Read More] -
🌐 Identify Your Exposed Internet Facing Devices Before They Identify You
Introduction & Use Case: Identifying Internet-Facing Devices Matter to Every Framework You Care About. Before we even dive into tooling, let’s anchor the importance of this work in the actual security and compliance frameworks that govern nearly every mature organization. Pretty much every major framework assumes you know which assets... [Read More]