KQLCafe (@kqlcafe)'s Twitter Profile

A Community to make the world a better place with KQL | Learn, share and practice the KQL language | #kql #threathunting #security

ID: 1451885404198735873

http://www.kqlcafe.com | 23-10-2021 12:19:23

176 Tweets

1.1K Followers

2 Following

Alex Verboon (@alexverboon)

Interested to learn more about Azure Fabric? Join us at the #KQLCafe tomorrow Tuesday February 25, 18:00 CET with guest speaker Uri Barash. More information and registration here: kqlcafe.com/#upcoming-shows #KQL #AzureFabric #Kusto

Ugur Koc (@ugurkocde)

🔍 Unlocking Deeper Insights with Multi-Device Queries in Intune You’re working on incidents and need to identify all devices with outdated BIOS. Or maybe you’re planning a Windows 11 rollout and must find devices without TPM 2.0. Running queries one device at a time? That’s

Matt Zorich (@reprise_99)

In preview, we now link identifiers such as sessionId and uniqueTokenIdentifier across telemetry in Entra and M365 to help your threat hunters and incident responders track activity bound to a single authentication, check it - learn.microsoft.com/en-us/entra/id…

Nicola Suter (@nicolonsky)

Microsoft is introducing a new data schema for TI data within #Sentinel. From 31. July 2025 data ingestion will transition exclusively to the new ThreatIntelIndicators and ThreatIntelObjects tables. #KQL to identify refs to old tables for analytic rules: github.com/nicolonsky/ITD…

Aura (@securityaura)

Since we're almost nearing the end of my take on the #100DaysOfKQL challenge, I would like to know if you used one of the queries, as it was, or improved and if so, did you end up finding something? Anything: suspicious, malicious, unexpected, etc. Would love to know about it.

Thomas Naunheim (@thomas_live)

I've published a #KQL function ("WorkloadIdentityInfoXDR") for #MicrosoftDefender to enhance details of #MicrosoftEntra #WorkloadID from various sources, incl. the new table "OAuthAppInfo" but also IdentityInfo table and #ExposureManagement. (1/2) 🔗 github.com/Cloud-Architek…

Aura (@securityaura)

#100DaysOfKQL Day 100 - CScript.exe, WScript.exe or MSHTA.exe Executed from Web Browser Process
IT'S FINALLY OVER! I had another query in store for today, but I feel like this challenge wouldn't be complete without that one. (cont) github.com/SecurityAura/D…

Bert-Jan 🛡️ (@bertjancyber)

Microsoft announced the public preview of the OAuthAppInfo table in the Advanced Hunting schema. I created multiple #KQL queries to help you kick-start the usage of this table.🚀 The queries help you to identify high-permissive, unused and external apps. github.com/Bert-JanP/Hunt…

Bert-Jan 🛡️ (@bertjancyber)

Are you joining The KQLCafe next week? I will be talking about #KQL, Logic Apps, APIs and a combination of the three during the session. Interested? Register here: meetup.com/kql-cafe/event… 📅 When: April 29 18:00 - 19:30 (CET) 🖥️ Where: Online 💰 Cost: Free of charge

Bert-Jan 🛡️ (@bertjancyber)

The ClickFix Triage KQL query is now available. The blog will be out next Tuesday. github.com/Bert-JanP/Hunt… Enjoy the weekend!

Bert-Jan 🛡️ (@bertjancyber)

Some time ago, I developed some #KQL queries to get insights on the data you have available. The results list information about tables, sub-tables and entities. Choosing a proactive approach to your data is highly recommended to stay on top of threats. github.com/Bert-JanP/Hunt…

Gianni (@castello_johnny)

Bert-Jan Pals joins the latest #KQLCafe to share how he uses Microsoft security APIs and Azure Logic Apps for incident automation! Hosted by Alex Verboon. Plus, save the date for #KustoCon 2025 (Nov 6 in Zurich). youtu.be/sQaBtJ9UU5k

Sarah Lean 🏴󠁧󠁢󠁳󠁣󠁴󠁿 (@techielass)

New to KQL? In this quick beginner’s guide, I’ll explain what Kusto Query Language is, where it’s used in Azure, and how to write simple queries using operators and functions. Perfect for IT pros, security analysts, and data enthusiasts. bit.ly/4d69vId

Aura (@securityaura)

Finally took the time to write a quick blog post on my #100DaysOfKQL challenge. medium.com/@securityaura/… The tl;dr is that I'm never doing anything like this again, at least, not before I have a LOT more free time than I have now. But very happy to have gone through with it!

ᴍɪᴄʜᴀʟɪs ᴍɪᴄʜᴀʟᴏs (@cyb3rmik3)

Next Tuesday, May 27th Christos Galanopoulos and I will join my dear fellows Alex Verboon and Gianni at this month's 𝐊𝐐𝐋 𝐂𝐚𝐟𝐞. Christos Galanopoulos and I worked over the past couple of months on 𝐬𝐊𝐚𝐥𝐞𝐐𝐋, a tool that allows query automation on your log

KQLCafe (@kqlcafe)

🎉 KustoCon 2025 is official! Watch the announcement video and register now for the main event or join us onsite in Zurich also for the hands-on detection engineering workshop! Info & sign-up: kustocon.com/sessions/ #KustoCon #KQL #KustoFans

Gianni (@castello_johnny)

📢 New #KQLCafe just dropped on YouTube 🔹 sKaleQL Michals Michalos and Christos Galanopoulos 🔹 Defender hunts Teams messages 🔹 Multi-Tenant Defender is GA 🔹 Detecting malicious PowerShell 🎥 youtu.be/Yna97PlIX18 📝 kqlcafe.com/shownotes/2025… #KQL #DefenderXDR