Mastering Sentinel: The Essential KQL Query for Every SOC Team
🚨 Just published a new blog post on mastering KQL in Microsoft Sentinel! 🚨
In this post, I dive into a must-have query that provides detailed insights into your SOC operations, including total incidents, new, active, and closed incidents, as well as incident duration. Whether you’re looking to optimize your incident response or improve reporting, this query is a game-changer for every SOC team.
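The post itself is linked rather than quoted here, so the query below is an added illustration, not the author's query. It computes the same kind of figures the post describes (total, new, active and closed incidents, plus how long closed incidents took) from the Sentinel SecurityIncident table. It relies on the real SecurityIncident columns (IncidentNumber, Status, CreatedTime, ClosedTime, LastModifiedTime) and on Sentinel's standard status values "New", "Active" and "Closed"; the 30-day window is an assumed reporting period. The one detail that trips people up in practice is that SecurityIncident stores one row per incident update, so counting rows directly overstates every number; the arg_max step keeps only the latest row per incident.

```kql
// Added example, not the query from the linked post.
// SOC incident summary for incidents created in the last 30 days (assumed window).
let lookback = 30d;
SecurityIncident
| where TimeGenerated > ago(lookback)
// SecurityIncident has one row per update; keep only the most recent row per incident
| summarize arg_max(LastModifiedTime, *) by IncidentNumber
// Count incidents by creation time so the window means "opened in the period"
| where CreatedTime > ago(lookback)
// Duration only makes sense once an incident is closed; timespan / timespan gives a real number of hours
| extend DurationHours = iff(Status == "Closed" and isnotempty(ClosedTime),
                             (ClosedTime - CreatedTime) / 1h,
                             real(null))
| summarize
    TotalIncidents      = count(),
    NewIncidents        = countif(Status == "New"),
    ActiveIncidents     = countif(Status == "Active"),
    ClosedIncidents     = countif(Status == "Closed"),
    AvgDurationHours    = round(avg(DurationHours), 1),
    MedianDurationHours = round(percentile(DurationHours, 50), 1),
    MaxDurationHours    = round(max(DurationHours), 1)
```

Append `by Severity` to the final summarize to break the figures down per severity, and report the median alongside the average: a handful of long-running low-severity incidents will otherwise drag the mean up and hide how quickly the high-severity ones are actually being closed.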
