Blog

Tag: kql

4 Artikel zu diesem Thema.

windowsdefendervulnerabilitydetection-engineeringsentinellpekql

RoguePlanet: The Fourth Defender Zero-Day, and Why the Patch Is Not the End of It

CVE-2026-50656 is patched, but the fix ships as an engine update, not a Patch Tuesday KB. What RoguePlanet does, how it rhymes with BlueHammer, and the retrospective hunt and patch validation blue teams still owe themselves.

Weiterlesen →
microsoft-sentinelentra-idnon-human-identitiesai-agentsdetection-engineeringkqlservice-principals

The Classic-Agent Blind Spot: Detecting Non-Human Identities in Microsoft Sentinel

Microsoft Entra Agent ID secures the agents you build tomorrow. The service principals and managed identities you already run - the classic agents - are a different story. Two KQL detections, the diagnostic switch nobody flips, and what to do this week.

Weiterlesen →
microsoft-sentinelmsemdefender-xdrexposure-managementkqldetection-engineering

Wiring Microsoft Security Exposure Management Into Sentinel - Triage with Asset Criticality and Attack-Path Context

MSEM gives Sentinel something it never had: asset criticality and attack-path context per entity. Architecture, KQL patterns for incident enrichment, and the entity-matching pitfalls that quietly break them.

Weiterlesen →
microsoft-sentinelazuresiemdata-lakekqlcost-optimization

From Azure Sentinel Log Analytics Workspace to Data Lake - Why Now Is the Right Time

The Sentinel Data Lake Tier changes the cost equation for high-volume security logging. Architecture, migration playbook, KQL examples, and the pitfalls nobody warns you about.

Weiterlesen →