Microsoft Sentinel Β· KQL Deep Dive Stop fragile index-based XML parsing and switch to a universal, future-proof EventData parser that works across all Windows event types in Microsoft Sentinel. β‘ If you’ve ever worked with the Event table in Microsoft Sentinel or Azure Monitor Logs, you already know the pain: EventData is XML and every…
In a Security Operations Center (SOC), timely and accurate data is crucial for identifying and responding to threats. Delays in receiving security logs can lead to gaps in monitoring and create blind spots that adversaries may exploit. Ensuring that logs are being ingested at the expected frequency is critical for maintaining a proactive defense posture….
Ever noticed a difference between incident counts in the Microsoft Sentinel Incident portal and the SecurityIncident table? This blog explains why the SecurityIncident table shows higher counts due to ungrouped alerts, while the Incident portal consolidates them. Understanding the query behind this helps you better interpret your security data.
Explore a potent KQL query dissecting Azure AD audit logs. Analyse user authentication methods & mobile numbers for a fortified security posture.
