Wayne Andes

September 2, 2024 Wayne Andes 479 Views 0 Comments 5 min read

Analyze Analytics Rules Ingestion Delays Using KQL

Monitoring analytics rules ingestion delay is essential to maintain timely alerting and detection in security operations. Using KQL queries, it

August 26, 2024 Wayne Andes 506 Views 0 Comments 3 min read

Description This KQL query visualizes the incidents that have been triggered for each MITRE ATT&CK Tactic. This will give an

August 19, 2024 Wayne Andes 483 Views 0 Comments 3 min read

Description This KQL query can be used to detect rare UserAgents that are used to sign into your tenant. Those

August 12, 2024 Wayne Andes 505 Views 0 Comments 4 min read

Description This KQL query visualizes the time of which a password reset has last taken place, the information is grouped

August 9, 2024 Wayne Andes 528 Views 0 Comments 2 min read

Description This KQL query detects latest failure events per Data Connector in the last three days. Risk Failures in Data

August 5, 2024 Wayne Andes 413 Views 0 Comments 2 min read

Description This KQL query visualization will return the failure types that occur in your tenant that are related to any

July 29, 2024 Wayne Andes 524 Views 0 Comments 4 min read

Description This KQL query visualises the top 100 Devices that initiate the most clear text LDAP authentications. You preferably want

July 22, 2024 Wayne Andes 463 Views 0 Comments 4 min read

Description This KQL query visualizes the daily triggers in MDE or Sentinel in a columnchart. This can give insight into

July 15, 2024 Wayne Andes 514 Views 0 Comments 4 min read

Description In MDE or Sentinel there are plenty of tables that generate logs, in order to determine which tables ingest