1000 stars! ⭐️ Thanks for all the support. I still remember the first detection I ever published on the Follina 0-day (CVE-2022-30190). My KQL skills have slightly increased since 😆. 2 years later and 299 detections further I am still having fun! 🔗 github.com/Bert-JanP/Hunt…
🛡 New Blog: Investigating Microsoft Graph Activity Logs. In April, Microsoft announced GA of the Graph activity logs; this new log source opens opportunities for defenders. The blog explains how the data can be effectively analyzed and enriched with #KQL. kqlquery.com/posts/graphact…
All the queries from the KQL book that we wrote are now available on the book's official repo for you to explore and use. If you buy the book, you will get all the context with them, like why we favour some operators over others, but have a read either way! aka.ms/KQLMSPress/Git…
📌 When beginning this project, I never imagined how much I would learn, the relationships I've built & the opportunities I'd have. All these are far more important than ⭐️ & 👀.