Implementing RITA in Azure Sentinel using KQL
In this post, I’ll explain how the RITA beacon analyzer works and implement the algorithm in Azure Sentinel using KQL…
Jul 21, 2021

Enterprise Scale Threat Hunting: C2 Beacon Detection with Unsupervised ML and KQL — Part 2
In this series, we’ll develop an approach, solve the problems with KQL, and create queries for Sysmon, Palo Alto, and Microsoft Defender.
May 19, 2021

Threat Hunting with Data Science: Registry Run Keys (published in Blu Raven)
Large-scale threat hunting and detection of Registry Run Keys using basic data science methods.
Mar 25, 2021

C2 Beaconing Detection with MDE Aggregated Report Telemetry
Microsoft has recently introduced a new telemetry feature in Defender for Endpoint: Aggregated Reports. This new telemetry provides new…
Mar 15

Microsoft Sentinel Internals: Hidden Gems in the SecurityAlert Table
Have you ever wondered how Microsoft Sentinel generates alerts and stores them in the SecurityAlert table? Recently, while working on a…
Dec 6, 2024

EDR Silencer and Beyond: Exploring Methods to Block EDR Communication — Part 2
Attackers continuously innovate new ways to bypass security measures. Recently, a new technique called EDR Silencer has gained attention…
Dec 1, 2024

A Common KQL Mistake in Threat Hunting and Detection Engineering
Fixing a common filtering mistake in KQL that can lead to false negatives.
Mar 17, 2024

Using Python Plugin in Microsoft Sentinel by Leveraging ADX
Unleash the power of Python and data science in Sentinel using Azure Data Explorer!
Feb 4, 2024

A Deep Dive into the KQL Union Operator
Combining datasets efficiently using the KQL union operator for better security analysis.
Dec 4, 2023

Advanced KQL for Threat Hunting: Window Functions — Part 2 (published in Blu Raven)
Using sliding window functions in KQL for better detection.
Mar 4, 2023