Mehmet Ergene – Medium

Mehmet Ergene

Pinned

Implementing RITA in Azure Sentinel using KQL

In this post, I’ll explain how RITA beacon analyzer works and implement the algorithm in Azure Sentinel using KQL…

Jul 21, 2021

Implementing RITA in Azure Sentinel using KQL

Jul 21, 2021

Pinned

Enterprise Scale Threat Hunting: C2 Beacon Detection with Unsupervised ML and KQL — Part 2

In this series, we’ll develop an approach and solve the problems with KQL and create queries for Sysmon, Palo Alto, and Microsoft Defender

May 19, 2021

Enterprise Scale Threat Hunting: C2 Beacon Detection with Unsupervised ML and KQL — Part 2

May 19, 2021

Pinned

Published in
Blu Raven

Threat Hunting with Data Science: Registry Run Keys

Threat hunting and detection of Registry Run Keys on a large scale by using basic Data Science methods.

Mar 25, 2021

Threat Hunting with Data Science: Registry Run Keys

Mar 25, 2021

C2 Beaconing Detection with MDE Aggregated Report Telemetry

Microsoft has recently introduced a new telemetry feature in Defender for Endpoint: Aggregated Reports. This new telemetry provides new…

Mar 15

C2 Beaconing Detection with MDE Aggregated Report Telemetry

Mar 15

Microsoft Sentinel Internals: Hidden Gems in the SecurityAlert Table

Have you ever wondered how Microsoft Sentinel generates alerts and stores them in the SecurityAlert table? Recently, while working on a…

Dec 6, 2024

Microsoft Sentinel Internals: Hidden Gems in the SecurityAlert Table

Dec 6, 2024

EDR Silencer and Beyond: Exploring Methods to Block EDR Communication — Part 2

Attackers continuously innovate new ways to bypass security measures. Recently, a new technique called EDR Silencer has gained attention…

Dec 1, 2024

EDR Silencer and Beyond: Exploring Methods to Block EDR Communication — Part 2

Dec 1, 2024

A Common KQL Mistake in Threat Hunting and Detection Engineering

Fixing a common filtering mistake in KQL that can lead to false negatives.

Mar 17, 2024

A Common KQL Mistake in Threat Hunting and Detection Engineering

Mar 17, 2024

Using Python Plugin in Microsoft Sentinel by Leveraging ADX

Unleash the power of Python and Data Science in Sentinel using Azure Data Explorer!

Feb 4, 2024

Using Python Plugin in Microsoft Sentinel by Leveraging ADX

Feb 4, 2024

A Deep Dive into the KQL Union Operator

Combining datasets efficiently using the KQL union operator for better security analysis.

Dec 4, 2023

A Deep Dive into the KQL Union Operator

Dec 4, 2023

Published in
Blu Raven

Advanced KQL for Threat Hunting: Window Functions — Part 2

Using sliding window functions in KQL for better detection.

Mar 4, 2023

Advanced KQL for Threat Hunting: Window Functions — Part 2

Mar 4, 2023

Mehmet Ergene

Mehmet Ergene

🚀 Master KQL at https://academy.bluraven.io for Threat Hunting, Detection Engineering, and Incident Response | Threat Researcher | DFIR | SIEM | @Cyb3rMonk

Following

Help
Status
About
Careers
Press
Blog
Privacy
Rules
Terms
Text to speech