Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example

  Writing alert rules using KQL is powerful but does not have to be complex. A good example would be rules which in traditional SIEM use Active Lists (or Reference Sets, depending on your SIEM). Wh...