Tag: kql
4 Artikel zu diesem Thema.
RoguePlanet: The Fourth Defender Zero-Day, and Why the Patch Is Not the End of It
CVE-2026-50656 is patched, but the fix ships as an engine update, not a Patch Tuesday KB. What RoguePlanet does, how it rhymes with BlueHammer, and the retrospective hunt and patch validation blue teams still owe themselves.
The Classic-Agent Blind Spot: Detecting Non-Human Identities in Microsoft Sentinel
Microsoft Entra Agent ID secures the agents you build tomorrow. The service principals and managed identities you already run - the classic agents - are a different story. Two KQL detections, the diagnostic switch nobody flips, and what to do this week.
Wiring Microsoft Security Exposure Management Into Sentinel - Triage with Asset Criticality and Attack-Path Context
MSEM gives Sentinel something it never had: asset criticality and attack-path context per entity. Architecture, KQL patterns for incident enrichment, and the entity-matching pitfalls that quietly break them.
From Azure Sentinel Log Analytics Workspace to Data Lake - Why Now Is the Right Time
The Sentinel Data Lake Tier changes the cost equation for high-volume security logging. Architecture, migration playbook, KQL examples, and the pitfalls nobody warns you about.