Kusto Query Language 101

Recently I've started spending more time using Azure Sentinel and I wanted to get up to speed on the Kusto Query Language. This is a collection of my 'Kusto Query Language 101' learnings. What is Kusto Query Language (KQL)? KQL is a read-only language similar to SQL that’s used to query large datasets in Azure. Unlike...

Threat Hunting with Azure Sentinel

Traditionally, threat hunting has been a manual process in which security team members proactively search and analyze various data sources to detect and isolate potential threats. Azure Sentinel provides powerful search and query tools to proactively hunt for security threats across an organization's data sources, helping you look for new anomalies that weren't detected by...
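To make the two excerpts above concrete (KQL as a read-only, SQL-like query language, and hunting for anomalies across connected data sources), here is a small hunting query. This is an added example, not code from either blog post. It assumes the Windows Security Events connector is populating the standard SecurityEvent table, and the threshold of 20 failures is an arbitrary value chosen for illustration.

```kql
// Added example: accounts with an unusual number of failed sign-ins in the last day.
// SecurityEvent, TimeGenerated, EventID, Account and IpAddress are standard columns
// of the Windows Security Events connector; the threshold of 20 is an assumed value.
SecurityEvent
| where TimeGenerated > ago(1d)
| where EventID == 4625                      // 4625 = an account failed to log on
| summarize FailedLogons = count(),
            SourceIPs = dcount(IpAddress),
            FirstSeen = min(TimeGenerated),
            LastSeen = max(TimeGenerated) by Account
| where FailedLogons > 20
| order by FailedLogons desc
```

Each `|` stage narrows or reshapes the result of the previous one, which is why KQL reads top to bottom rather than as a single nested statement. The same query can be pasted into the Sentinel Logs blade to run ad hoc, or saved as a hunting query so it can be re-run and bookmarked during an investigation.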

Getting Started with Azure Sentinel: Part 2

In my previous blog post, I covered getting started with Azure Sentinel, including how to configure and connect it to a data source. This week I want to talk about the Kusto Query Language (KQL), Azure Workbooks and Playbooks. Let’s get started with KQL. Kusto Query Language The Kusto Query Language (KQL) is a read-only...

Getting started with Azure Sentinel: Part 1

Security is critical for organizations of all sizes, and being able to have visibility across all systems, devices and applications is becoming more important every day. Azure Sentinel provides a single solution for threat detection, alerting, security analytics and response management across devices, applications and other cloud providers. How Does Azure Sentinel work? Azure Sentinel collects...
