• Sentinel Cost Optimization

    Introduction and Use Case: You’ve just deployed Microsoft Sentinel to your Log Analytics Workspace… now what? How do you know this is an efficient setup? Let’s take a walk on the LEAN side. [Read More]

• KQL Detective Part 2

    Recap: In my last post, we leveraged the awesome power of KQL to investigate the drop in billable LogManagement ingest volume illustrated below (left side). During this investigation, we noticed a sudden increase in Security ingest volume toward the end of March. In this post, we’re going to track down... [Read More]

• KQL Detective Part 1

    Introduction and Use Case: So you’re a new kid on the SOC and Accounting is freaking out about a massive unexpected increase in their Sentinel ingest cost (or a sudden decrease; both are covered in detail) and demanding an explanation. This is a step-by-step guide to leveraging KQL for... [Read More]

• Anatomy Of A KQL Query Part 2

    Introduction and Use Case: Continuing from a previous post, today we’ll dissect even more simple but powerful KQL queries that are essential to keep in your threat hunting utility belt. Recap: In my last post, we broke down some helpful, basic KQL queries and syntax: Defining table to query against... [Read More]