Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example
Writing alert rules using KQL is powerful but does not have to be complicated. A good example would be rules that in traditional SIEM use Active Lists. In this blog post, I will describe how to avoid Active Lists entirely using Sentinel query-based rules.Using KQL functions to speed up analysis in Azure Sentinel
Security Operations can often be a very repetitive role. As a security analyst, you will often find yourself conducting the same actions and tasks as you work through an investigation. KQL functions in Azure Sentinel provide a way in which analysts can build up a collection of investigation tools to call upon quickly and simply.An Interesting Feature: Replacing URLs With Search Queries in Address Bar
In Microsoft Edge, there is a flag called: Query in Omnibox What it does is, basically in search results, instead of showing you an ugly long address, it shows you an easier to read text. Compare: (Query in Omnibox: Off) (Query in Omnibox: On)Viva Insights - Advanced Insights forum
Hi community members! Please use this board for discussions on the below topics: Queries: This forum can be used for questions about queries - how to set up custom queries, when/why to run certain queries, and how to access/share query results. PowerBI Templates: Questions about PowerBI Templates can be asked on this forum as well. Questions such as how to set up templates, how to read results, steps that can be taken from the results, etc. Metrics: You can also use this forum to post questions about confusing metrics, clarity on definitions or general metric questions. If you are a Viva Insights customer currently undergoing transition from the old to the new advanced insights platform, please join the support group here Advance Insights Platform Transition Support - Microsoft Community Hub Please remember to review the general guidelines before posting. Note that this community is to share experiences and general questions only, please open a support ticket for specific questions on your organization's support issues.
