KQL Cafe
KQLCafe | Session 25 | Michalis Michalos | June 2024
0:00 Welcome to #KQLCafe
What's new in #kql
3:25 Log Analytics Simple Mode
learn.microsoft.com/en-us/azure/azure-monitor/logs/log-analytics-simple-mode
5:59 Definitive Guide to KQL Book: Microsoft Queries
7:06 WDACConfig
czcams.com/video/oyz0jFzOOGA/video.html
8:13 Audit Defender XDR
github.com/KQLMSPress/definitive-guide-kql/tree/main/Extra%20Microsoft%20Employee%20Submitted%20Queries
11:49 Hidden Desktops
techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/detect-suspicious-processes-running-on-hidden-desktops/ba-p/4072322
Our KQL Guest
12:25 Michalis Michalos
19:24 Projects
www.michalos.net
www.github.com/cyb3rmik3/KQL-threat-hunting-queries
www.github.com/cyb3rmik3/MDE-DFIR-Resources
www.github.com/cyb3rmik3/Hunting-Lists
30:41 Keeping an eye on #WSL through MDE
www.michalos.net/2024/06/25/keeping-an-eye-on-wsl-through-microsoft-defender-for-endpoint/
Learn KQL
1:13:15 The * in project
What did you do with KQL this month
1:19:25 Automation Account Runbook logs
1:21:55 #JA3 / #JA3S in Advanced Hunting
1:30:38 Internet Facing Devices
github.com/alexverboon/Hunting-Queries-Detection-Rules/blob/main/Defender%20For%20Endpoint/MDE-InternetFacing.md
82 views

Videos

KQL Cafe | Session 24 | Guest: Nicola Suter | May 2024
117 views, 1 month ago
0:00 Welcome to #KQLCafe
What's new in #kql
2:43 The Definitive Guide to KQL
www.amazon.com/dp/0138293384
3:51 CloudAppEvents, Hunting and #XPSM
Our KQL Guest
6:08 Nicola Suter
github.com/nicolonsky/ITDR
tech.nicolonsky.ch/
nicolasuter.medium.com
8:02 #ITDR with KQL
11:29 Cross Tenant Access
25:15 Conditional Access
43:17 Conditional Access #DCR
47:39 Tracking Entra ID attribute changes
58:53 En...
KQL Cafe | Session 23 | Guest: Henning Rauch | April 2024
142 views, 2 months ago
0:00 Welcome to #KQLCafe
What's new in #kql
1:51 Introduction to KQL for security analysts
academy.bluraven.io/
6:03 Steven Lim's #Elite KQL
www.linkedin.com/pulse/slims-elite-kql-detection-cyber-defense-tips-steven-lim-wujbc/?trackingId=kmHuitogSda6wj0lk/tV+g
7:29 Definitive Guide to KQL
github.com/KQLMSPress/definitive-guide-kql
8:19 News Strategies to monitor and prevent vulnerable driver att...
KQL Cafe | Session 22 | Guest: Purav Desai | March 2024
368 views, 4 months ago
0:00 Welcome to #KQLCafe
What's new in #kql
2:28 Common KQL Mistake in Threat Hunting
posts.bluraven.io/a-common-kql-mistake-in-threat-hunting-and-detection-engineering-61053b4f3308
4:16 Microsoft Security Exposure Management
techcommunity.microsoft.com/t5/security-compliance-and-identity/introducing-microsoft-security-exposure-management/ba-p/4080907
5:44 Unraveling the Mysteries of Kusto's Par...
KQL Cafe | Session 21 | Guest: Fabian Bader | February 2024
188 views, 5 months ago
0:00 Welcome to #KQLCafe
What's new in #kql
2:06 Learn KQL in one month
3:35 Device Query in Intune
Notable articles and queries
5:03 ListAllActionsAndOperations()
7:14 Device Isolation Notification
12:01 Update Records in #ADX
Our KQL Guest
13:10 Fabian Bader
15:06 UnifiedSigninLogs Function
19:15 EntraID-ErrorCodes
github.com/f-bader/EntraID-ErrorCodes
36:08 #Sentinel #Watchlists
www.powersh...
KQL Cafe | Session 20 | Guests: Ilana Waitser Elyran Malka | January 2024
159 views, 6 months ago
0:00 Welcome to #KQLCafe
What's new in #KQL
2:50 The Definitive Guide to KQL
3:31 #KC7Cyber #Kusto training
7:09 Notable Articles
8:34 Connecting #Explorer to Log Analytics
Our KQL Guest
10:35 Ilana Waitser and Elyran Malka
13:07 #LogAnalytics simple mode
Learn KQL
48:14 Sigma
51:35 sigconverter.io
53:11 Sigma to #M365D #XDR Python module
What did you do with KQL this month
Microsoft Defender...
KQL Cafe | Session 19 | Guest: Ugur Koc | November 2023
156 views, 8 months ago
0:00 Welcome to #KQLCafe
What's new in #KQL
2:32 Notable KQL Queries
2:55 #KQLQuery.com
4:49 #LearningKijo
6:06 #TheKQLMysteries
8:13 #KQLTraining
9:03 As operator
Our KQL Guest
15:25 Ugur Koc
15:27 #KQLSearch.com
45:00 #KustoInsights
What did you do with KQL this month
56:19 #ASR Revisited
KQL Cafe | Session 18 | Guest: Morten Waltorp Knudsen October 2023
146 views, 8 months ago
0:00 Welcome to #KQLCafe
What's new in #KQL
1:57 Microsoft #Graph Logs
9:11 KQL: A Gateway to Microsoft #Sentinel
10:33 Microsoft Defender Harvester
Learn KQL
17:23 #Kusto 100 Knocks
Our KQL Guest
18:26 Morten Waltorp Knudsen
19:48 #ClientInspector
30:25 #AzLogDcrIngestPS
31:27 Unleash the power of the #AzureResourceGraph
What did you do with KQL this month
1:33:31 #EntraID App Consent Cleanup...
KQL Cafe | Session 17 | Guest: Brian Bønk Rueløkke September 2023
184 views, 10 months ago
0:00 Welcome to #KQLCafe
What's new in #KQL
2:10 #MDE #Zeek #NetworkSignatureInspected
6:35 #AzureResourceGraph in #Microsoft #Sentinel
18:39 KQLQuery.com
20:24 Beta.KQLSearch.com
21:41 Graph operators
23:46 IdentityInfo table with #MDI data
Learn KQL
27:18 set query_now
Our KQL Guest
35:03 Brian Bønk Rueløkke
36:45 Jupyter KQL magic
Demo Notebook: github.com/Azure/kusto-adx-cse
What did you d...
KQL Cafe | Session 16 | Alex & Gianni | June 2023
180 views, 1 year ago
Topics:
0:00 Welcome to #KQLCafe
What's new in #KQL
3:28 Kusto Detective Agency #KDA season 2
5:04 Ten Minute KQL
6:59 DeviceNetworkEvents in #M365D advanced hunting
10:25 BehaviorInfo and BehaviorEntities in Defender for Cloud Apps #MDCA
16:33 geo_info_from_ip_address() function
Learn KQL
25:17 Sentinel Detection: malicious MFA registration #T1098 (T1098.005)
43:33 Which entities are returned by ...
KQL Cafe | Session 15 | Guest: Clive Watson | May 2023
123 views, 1 year ago
Topics:
0:00 Welcome to #KQLCafe
What's new in #KQL
1:40 Sentinel Hunting Experience
Learn KQL
4:00 hint.strategy=shuffle
Our KQL Guest
11:25 Clive Watson
17:36 Workspace Usage Report Workbook
23:08 Sentinel Central Workbook
38:36 Resource Graph and KQL in a Workbook
45:45 API Calls from a Workbook
59:12 Sentinel Investigation Insights Workbook
What did you do with KQL this month
1:19:18 Hunti...
KQL Cafe | Session 14 | Guest: Thijs Lecomte | April 2023
162 views, 1 year ago
Topics:
0:00 Welcome to #KQLCafe
What's new in #KQL
1:47 #Zeek in #DeviceNetworkEvents
5:01 Defender for Endpoint internet-facing devices
7:39 Microsoft threat actor naming
8:27 Hidden characters in the Sentinel GUI
Our KQL Guest
21:57 Thijs Lecomte
25:38 Automation with #Microsoft #Sentinel and #LogicApps
26:21 Creating Logic Apps in Microsoft Azure
33:54 Running a playbook in Microsoft Sentine...
KQL Cafe | Session 13 | Guest: Alexander Sloutsky | April 2023
286 views, 1 year ago
Topics:
0:00 Welcome to #KQLCafe
What's new in #KQL
1:25 BehaviorInfo & BehaviorEntities in M365D Advanced Hunting
3:15 Near real-time custom detections in M365D
6:35 IdentityLogonEvents, IdentityQueryEvents and IdentityDirectoryEvents update
8:37 DeviceInfo and DeviceNetworkInfo update
16:32 #MitreKQL hashtag/MITREKQL
Our KQL Guest
17:46 Alexander Sloutsky
19:32 History of KQL
27:18 Te...
KQL Cafe | Session 12 | Guest: Ugur Koc | February 2023
100 views, 1 year ago
Topics:
0:00 Welcome to KQL Cafe
What's new in KQL
4:08 Interactive KQL Cheat Sheet
5:41 ABC of Threat Hunting
Learning KQL
8:50 bag_unpack
13:19 parse_commandline
Our KQL Guest
18:38 Ugur Koc
20:49 KQL and Intune
42:55 KQLSearch.com
KQL Cafe | Session 11 | Guest : Rogier Dijkman | January 2023
268 views, 1 year ago
Topics:
0:00 Welcome to KQL Cafe
1:05 KQL Cafe statistics 2022
What's new in KQL
3:36 Nothing new, but some cool blog posts
7:20 M365D Query resources report
Learning KQL
10:00 parse_user_agent
16:06 M365D Attack Surface Reduction State
Our KQL Guest
27:08 Rogier Dijkman
29:09 KQL Coding Style Guide
Learning KQL
53:01 Multiple NOT statements in KQL
What did you do with KQL this month?
1:04:5...
KQLCafe | Session 10 | Guest: Bert Jan Pals | November 2022
237 views, 1 year ago
KQLCafe | Session 9 | Guest: Jan Ketil Skanke | October 2022
179 views, 1 year ago
KQLCafe | Session 8 | Guest: Mattias Borg | September 2022
163 views, 1 year ago
KQLCafe | Session 7 | Guest: Aswin Patil | August 2022
203 views, 1 year ago
KQL Cafe | Session 6 | June 2022
197 views, 2 years ago
KQL Cafe | Session 5 | Guest: Mehmet Ergene | May 2022
390 views, 2 years ago
KQL Cafe | Session 4 | Guest: Olaf Hartong | April 2022
652 views, 2 years ago
KQL Cafe | Session 3 | Guest: Matt Lowe | March 2022
243 views, 2 years ago
KQL Cafe | Session 2 | Guest: Matt Zorich | February 2022
329 views, 2 years ago
KQL Cafe | Session 1 | Guest: Rod Trent | January 2022
1.1K views, 2 years ago

Comments

  • @shaznynismy3604, 2 months ago

    When is today's one coming out?

  • @gwinam4253, 4 months ago

    Is there a way for me to identify how many files currently exist on my M365 tenant? How can I accomplish this?

  • @g.rajifuja2047, 9 months ago

    Will be going over all the videos. Please keep posting.

  • @WandersonSantosFernandes, 10 months ago

    Very cool!!!! I am watching all the videos on the channel and really enjoying them. Of course, as well as watching, I'm applying my knowledge to clients. Thank you!

  • @TenMinuteKQL, 1 year ago

    Great session, happy to hear about geo_info_from_ip_address()

  • @TenMinuteKQL, 1 year ago

    I liked the external reference to Nord VPNs, now I'm curious if there is something for each VPN service, or better yet a consolidated external link to all VPN services.

  • @TenMinuteKQL, 1 year ago

    Thanks for starting this community! Looking forward to going back in time to review all of the episodes.

    • @KQLCafe, 1 year ago

      Welcome aboard! Looking forward to your episodes.

  • @farhadhossain07, 1 year ago

    Hi, your content is very good, but I found some problematic issues; for this reason your channel is facing problems growing fast. If you want to fix that, provide me a way to reach out to you, and I will help you. Thank you.

  • @Suidloc, 1 year ago

    Alternatively to the leading/trailing spaces issue that Gianni showed, you could also use the unicode_codepoints_from_string() and unicode_codepoints_to_string() functions to find all the unicode values for characters that look like spaces. Once you've done that, you can build the string value that you are looking for so that it only includes 1 space for example and use the unicode_codepoints_to_string() function to turn it back into a readable string.

  • @WandersonSantosFernandes

    Very good! I'm learning a lot! Thanks

    • @KQLCafe, 1 year ago

      Great to hear that! Thank you too.

  • @travelmore9626, 1 year ago

    Just came across your videos and love them. Looking forward to seeing more and learning more advanced KQL in detection engineering.

  • @cloudx3364, 1 year ago

    Superb

  • @amrmekawy6874, 2 years ago

    Thanks for the great session