Applied KQL
@AppliedKQL
Helping others get things done using Kusto Query Language (KQL).
KQL query: Identify PowerShell using sleep timers to evade detection appliedkql.com/kql-query-iden…
KQL query: Windows PowerShell execution events that may involve a download appliedkql.com/kql-query-wind…
Identify Windows PowerShell events creating outbound connections that could indicate the establishment of a reverse shell. appliedkql.com/kql-query-wind…
Identify inbox rule creation that is consistent with business email compromise (BEC). appliedkql.com/kql-query-bec-…
Identify suspect mailbox actions and correlate with IP addresses in risky sign-in events. appliedkql.com/kql-query-susp…
List user accounts with repeated logon failures to identify possible targets of brute force attacks or invalid credential usage attempts. appliedkql.com/kql-query-iden…
Investigate which Microsoft applications are experiencing the most logon failures and the reasons behind those failures. appliedkql.com/kql-query-logo…
List failed logons logged in Active Directory with additional attributes for investigation and troubleshooting. appliedkql.com/kql-query-get-…
List sensitive group membership changes, including who was added to or removed from which group, and who made the change. appliedkql.com/get-active-dir…
Get users and the groups they were added or removed from, including who made the change. appliedkql.com/kql-query-get-…
Identify devices in your Defender tenant that are vulnerable to known exploited vulnerabilities maintained by CISA. appliedkql.com/kql-query-list…
Get Intune devices that have not contacted Intune within the last 45 days and should be considered inactive/stale. appliedkql.com/kql-query-get-…
Identify unsupported software and the devices they are installed on. appliedkql.com/kql-query-brea…
Use KQL to generate a report of disk free space (both percentage free and GB free) for Intune devices. appliedkql.com/kql-query-brea…
Use KQL to get a list of your device models and counts from Intune. appliedkql.com/kql-query-brea…
It's free Azure Data Explorer cluster Friday! Actually, you can get a free ADX cluster for working on your KQL chops any day of the week; here's how. appliedkql.com/getting-starte…
There is no one-page post that can lay claim to being the "Ultimate Guide" for any topic, particularly something as expansive as KQL. However, a "primer" is a small, informative introduction on a subject; perfect for an inaugural post. appliedkql.com/kusto-query-la…
Did you know that the "Kusto" in Kusto Query Language is a nod to Jacques Cousteau, the oceanic explorer? Learn why and more about the amazingly powerful query language KQL. appliedkql.com/what-is-kql/ First official blog post drops Wednesday!