KQLCafe
@kqlcafe.bsky.social
A Community to make the world a better place with KQL | Learn, share and practice the KQL language
#KQL #Security #ThreatHunting #LogAnalytics #DataExplorer
https://kqlcafe.com/
#KQL #Security #ThreatHunting #LogAnalytics #DataExplorer
https://kqlcafe.com/
🎉 KustoCon 2025 is official!
Watch the announcement video and register now for the main event or join us onsite in Zurich for also the hands-on detection engineering workshop!
Info & sign-up: kustocon.com/sessions/
#KustoCon #KQL #KustoFans
Watch the announcement video and register now for the main event or join us onsite in Zurich for also the hands-on detection engineering workshop!
Info & sign-up: kustocon.com/sessions/
#KustoCon #KQL #KustoFans
Sessions | KustoConEvent Timetable
kustocon.com
June 2, 2025 at 9:25 PM
🎉 KustoCon 2025 is official!
Watch the announcement video and register now for the main event or join us onsite in Zurich for also the hands-on detection engineering workshop!
Info & sign-up: kustocon.com/sessions/
#KustoCon #KQL #KustoFans
Watch the announcement video and register now for the main event or join us onsite in Zurich for also the hands-on detection engineering workshop!
Info & sign-up: kustocon.com/sessions/
#KustoCon #KQL #KustoFans
Reposted by KQLCafe
Interested to learn more about Azure Fabric? Join us at the KQLCafe tomorrow Tuesday February 25, 18:00 CET with guest speaker Uri Barash
More information and registration here: kqlcafe.com#upcoming-shows
#kql #AzureFabric #Kusto
More information and registration here: kqlcafe.com#upcoming-shows
#kql #AzureFabric #Kusto
KQL Cafe
If you'd like to share your query with the community, feel free to share it via kqlsearch.com Submit Query
kqlcafe.com
February 24, 2025 at 7:13 PM
Interested to learn more about Azure Fabric? Join us at the KQLCafe tomorrow Tuesday February 25, 18:00 CET with guest speaker Uri Barash
More information and registration here: kqlcafe.com#upcoming-shows
#kql #AzureFabric #Kusto
More information and registration here: kqlcafe.com#upcoming-shows
#kql #AzureFabric #Kusto
Reposted by KQLCafe
Microsoft is retiring the MFA Fraud alert in favor of the replacement feature "Report Suspicious Activity" here's a KQL query to detect these events.
github.com/alexverboon/...
#KQL #EntraID #mvpbuzz #MFA
github.com/alexverboon/...
#KQL #EntraID #mvpbuzz #MFA
github.com
January 22, 2025 at 7:58 PM
Microsoft is retiring the MFA Fraud alert in favor of the replacement feature "Report Suspicious Activity" here's a KQL query to detect these events.
github.com/alexverboon/...
#KQL #EntraID #mvpbuzz #MFA
github.com/alexverboon/...
#KQL #EntraID #mvpbuzz #MFA
Reposted by KQLCafe
[New KQL Query] Detect changes to Microsoft Entra ID Self Service Password Reset configuration settings
github.com/alexverboon/...
#KQL #EntraID #SSPR #mvpbuzz
github.com/alexverboon/...
#KQL #EntraID #SSPR #mvpbuzz
github.com
January 22, 2025 at 7:58 PM
[New KQL Query] Detect changes to Microsoft Entra ID Self Service Password Reset configuration settings
github.com/alexverboon/...
#KQL #EntraID #SSPR #mvpbuzz
github.com/alexverboon/...
#KQL #EntraID #SSPR #mvpbuzz
Reposted by KQLCafe
#100DaysOfKQL
Day 18 - Unique DLL With Low Prevalence Loaded From Commonly Abused Folder
Could probably still be fine-tuned further, but it should detect campaigns/malware such as the ones listed in the Description.
May also find unwanted software 👀
github.com/SecurityAura...
Day 18 - Unique DLL With Low Prevalence Loaded From Commonly Abused Folder
Could probably still be fine-tuned further, but it should detect campaigns/malware such as the ones listed in the Description.
May also find unwanted software 👀
github.com/SecurityAura...
github.com
January 19, 2025 at 3:30 AM
#100DaysOfKQL
Day 18 - Unique DLL With Low Prevalence Loaded From Commonly Abused Folder
Could probably still be fine-tuned further, but it should detect campaigns/malware such as the ones listed in the Description.
May also find unwanted software 👀
github.com/SecurityAura...
Day 18 - Unique DLL With Low Prevalence Loaded From Commonly Abused Folder
Could probably still be fine-tuned further, but it should detect campaigns/malware such as the ones listed in the Description.
May also find unwanted software 👀
github.com/SecurityAura...
Hello #KQL Fans & Geeks,
We are taking a short break, but we'll be back in January 2025. Check out our lineup of guest speakers here: kqlcafe.com#our-mission
And in case you missed it, the KustoCon Conference session recordings are available now. kqlcafe.com/KustoCon/Kus...
We are taking a short break, but we'll be back in January 2025. Check out our lineup of guest speakers here: kqlcafe.com#our-mission
And in case you missed it, the KustoCon Conference session recordings are available now. kqlcafe.com/KustoCon/Kus...
December 2, 2024 at 11:15 PM
Hello #KQL Fans & Geeks,
We are taking a short break, but we'll be back in January 2025. Check out our lineup of guest speakers here: kqlcafe.com#our-mission
And in case you missed it, the KustoCon Conference session recordings are available now. kqlcafe.com/KustoCon/Kus...
We are taking a short break, but we'll be back in January 2025. Check out our lineup of guest speakers here: kqlcafe.com#our-mission
And in case you missed it, the KustoCon Conference session recordings are available now. kqlcafe.com/KustoCon/Kus...
Reposted by KQLCafe
Time to get a #KQL query from the shelve: Potential Adversary in the middle Phishing
If you have High-Risk users and axios useragents in the results please revoke some sessions.
🏹 github.com/Bert-JanP/Hu...
Query is available for both SigninLogs and AADSignInEventsBeta.
If you have High-Risk users and axios useragents in the results please revoke some sessions.
🏹 github.com/Bert-JanP/Hu...
Query is available for both SigninLogs and AADSignInEventsBeta.
December 2, 2024 at 5:37 PM
Time to get a #KQL query from the shelve: Potential Adversary in the middle Phishing
If you have High-Risk users and axios useragents in the results please revoke some sessions.
🏹 github.com/Bert-JanP/Hu...
Query is available for both SigninLogs and AADSignInEventsBeta.
If you have High-Risk users and axios useragents in the results please revoke some sessions.
🏹 github.com/Bert-JanP/Hu...
Query is available for both SigninLogs and AADSignInEventsBeta.
🚀 Relive KustoCon 2024! 🧠🌐 Our 6 expert-led sessions are now available for you to watch on-demand. Dive into the latest KQL insights from top community experts. 📹
👉 Watch here: lnkd.in/edeRJQtd
👉 Watch here: lnkd.in/edeRJQtd
LinkedIn
This link will take you to a page that’s not on LinkedIn
lnkd.in
November 26, 2024 at 6:48 PM
🚀 Relive KustoCon 2024! 🧠🌐 Our 6 expert-led sessions are now available for you to watch on-demand. Dive into the latest KQL insights from top community experts. 📹
👉 Watch here: lnkd.in/edeRJQtd
👉 Watch here: lnkd.in/edeRJQtd
Do you like #KQL ? Then follow us here and check out our monthly meetup schdule kqlcafe.com
#mvpbuzz #Community #Learn #Share #Practice #KQL #KustoQueryLanguage
#mvpbuzz #Community #Learn #Share #Practice #KQL #KustoQueryLanguage
November 18, 2024 at 10:18 PM
Do you like #KQL ? Then follow us here and check out our monthly meetup schdule kqlcafe.com
#mvpbuzz #Community #Learn #Share #Practice #KQL #KustoQueryLanguage
#mvpbuzz #Community #Learn #Share #Practice #KQL #KustoQueryLanguage