Querying for Breaches with Mark Morowcyznski

Do you Kusto? Richard talks to Mark Morowczynski about his new book, The Definitive Guide to KQL, and the power of Kusto to look across your Azure tenant and understand operational and security issues. Mark talks about being able to query across all log sets, telemetry, the M365 graph, and more - to help understand issues. The book provides example queries you could run today, including knowing the first and last time a user logged on and what devices they used. There are examples of calculating baseline behavior for an account so that you can see when unusual activity starts. There are a ton of excellent queries for operational excellence and cybersecurity - get started today! And for RunAs listeners, you can use code KUSTO to get 30% off the book!

Links

• Threat Intelligence Blog
• Phishing-Resistant Passwordless Authentication
• Kusto Query Language
• Microsoft Sentinel
• Microsoft Security Copilot
• KQL Guide on GitHub

Recorded December 19, 2024