Applied KQL
Helping others get things done using Kusto Query Language (KQL).
List user accounts with repeated logon failures to identify possible targets of brute force attacks or invalid credential usage attempts.
[Read more…] about KQL query: Identify brute force attacks or invalid credential usage attempts
Investigate which Microsoft applications are experiencing the most logon failures and the reasons behind those failures.
[Read more…] about KQL Query: Logon Failure Reason analysis
List failed logons logged in Active Directory with additional attributes for investigation and troubleshooting. Comparable to Windows security log event ID 4625.
[Read more…] about KQL query: Get Active Directory failed logons
List sensitive group membership changes, including who was added or removed to what group, and who made the change.
[Read more…] about KQL query: Get Active Directory sensitive group membership changes
Get users and the groups they were added or removed from, including who made the change.
[Read more…] about KQL query: Get Active Directory group membership changes
Identify devices in your Defender tenant that are vulnerable to known exploited vulnerabilities maintained by CISA.
[Read more…] about KQL query: List devices vulnerable to CISA known exploited vulnerabilities