BertJanCyber
bertjancyber.bsky.social
CSIRT | http://kqlquery.com | Microsoft Security MVP | Blue & Purple Team | SOC | SIEM | Threat Hunting | Detection Engineering | #KQL |
It's time to prepare some content for the next
@kqlcafe.bsky.social. I will discuss #KQL, Logic Apps and hunting through the available APIs.

The session is on April 29th and is completely free to attend online.

🗓️Event registration & details: www.meetup.com/kql-cafe/
March 31, 2025 at 6:05 PM
On my way to #ELDK2025 🇩🇰
First stop Hamburg! 🇩🇪
March 3, 2025 at 2:21 PM
Pushed a #KQL for: Successful device code sign-in from an unmanaged device.

Query is available for AADSignInEventsBeta and SigninLogs. Less known is the AADSignInEventsBeta filter for device code:
| where EndpointCall == "Cmsi:Cmsi"

🏹Query: github.com/Bert-JanP/Hu...
February 17, 2025 at 6:53 PM
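As an added example (not the author's query from the GitHub link above, which is only partially shown here), this is what a hunt for successful device code sign-ins from unmanaged devices looks like when built on the EndpointCall filter mentioned in the post. It assumes the AADSignInEventsBeta schema in Defender XDR advanced hunting (ErrorCode 0 for success, IsManaged 1 for a managed device); check those column names against your tenant's schema before relying on it.

```kql
// Added example, not the author's query. Assumes the AADSignInEventsBeta
// schema: EndpointCall, ErrorCode (int), IsManaged (int, 1 = managed).
AADSignInEventsBeta
| where Timestamp > ago(30d)
// Device code flow: the filter called out in the post
| where EndpointCall == "Cmsi:Cmsi"
// Only successful sign-ins
| where ErrorCode == 0
// Device is not managed (0 or empty)
| where IsManaged != 1
| project Timestamp, AccountUpn, Application, ResourceDisplayName,
          DeviceName, DeviceTrustType, IPAddress, Country, UserAgent
| sort by Timestamp desc
```

In Sentinel's SigninLogs the equivalent (also an assumption to verify against your schema) filters on AuthenticationProtocol == "deviceCode" and ResultType == "0", with the device state taken from the DeviceDetail dynamic column. A hit is worth triaging rather than alerting on blindly: first-time device code use for an account, an unexpected application or resource, or a token-issuing IP in an unusual country are the signals that separate a user following the device code flow legitimately from a phishing victim.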
These two emails keep providing great value to list new actions found in a tenant. Very useful to find new detection & hunting potential, anomalies or just to understand your data better.
I will probably write a small blog about the topic soon.
Deployment: github.com/Bert-JanP/Se...
January 20, 2025 at 4:27 PM
It has been a good day. 😅

Az.SecurityInsights.internal\New-AzSentinelAlertRule : The maximum number of enabled Scheduled analytics rules (512)

learn.microsoft.com/en-us/azure/...
December 23, 2024 at 6:38 PM
Anyone already seen the column ThreatClassification land in their tenant? The column will be added to the EmailEvents table.

Source: techcommunity.microsoft.com/blog/microso...
December 6, 2024 at 5:43 PM