
KQL

A collection of 3 posts
KQL Featured

Leveraging Summary Rules in Microsoft Sentinel: A Practical Guide

Introduction In today's security landscape, organisations face an overwhelming volume of security data. Microsoft Sentinel, as a cloud-native SIEM solution, processes vast amounts of logs daily. However, the sheer volume can impact both performance and cost-efficiency. This is where Summary Rules come into play—a powerful feature that
23 May 2025 6 min read
Automation

Automating Security: Creating Microsoft Sentinel Watchlists from Entra ID Group Membership

Automating Sentinel Watchlists with Entra ID Groups and Logic Apps
19 Mar 2025 11 min read
AzureFunction

Streamlining Security Event Collection with Microsoft 365 Defender and Azure Functions

In today's complex cybersecurity landscape, organisations need efficient ways to collect, process, and analyse security events from their Microsoft environments. Microsoft 365 Defender (MDE) offers powerful threat detection capabilities, but extracting and integrating this valuable security data with other systems can be challenging. In this post, I'
12 Mar 2025 4 min read
sentinel.blog © 2025