• KQL Detective Part 1

    Introduction and Use Case: So you’re a new kid on the SOC and Accounting is freaking out about a massive unexpected increase in their Sentinel ingest cost (or a sudden decrease; both are covered in detail) and demanding an explanation. This is a step-by-step guide to leveraging KQL for...

• Anatomy Of A KQL Query Part 2

    Introduction and Use Case: Continuing from a previous post, today we’ll dissect even more simple but powerful KQL queries that are essential to keep in your threat hunting utility belt. Recap: In my last post, we broke down some helpful, basic KQL queries and syntax: defining the table to query against...

• Anatomy Of A KQL Query Part 1

    Introduction and Use Case: Whether you’re new on the SOC or a seasoned Sentinel Ninja, here are some basic queries I keep coming back to when investigating anything odd about my ingest patterns (and thus my overall cost). Query Breakdown: So how do you know something is “odd” with your...