Microsoft Tech Community

New Blog Post | Must Learn KQL Part 4: Search for Fun and Profit



Must Learn KQL Part 4: Search for Fun and Profit – Azure Cloud & AI Domain Blog (

Now that we have some understanding of the workflow (from Part 3) under our belts, I’m going to deviate from that for a brief minute in this post and then I’ll bring it back together in Part 5 and combine Parts 4 and 5 to provide something extra meaningful to show you how it all fits together like an unsolved Hardy Boys mystery novel. Hopefully, you’re starting to see that my efforts here are logical and designed to accumulate enough knowledge that is necessary to move to the next plane of understanding.

What I want to do in this post is give you something you can actually use today. When I’m done here, you should be able to take the knowledge and the query snippets to do your own hunting – or, rather, look inside your own environment to get an understanding of what is happening that’s worth exposing and investigating.
