KQL help Exchange Online
Hello, I need help in buildinga KQL Query as I'm fairly new to this. I have a set of 2 keyword list like Set 1 = "A","B","C" Set 2 = "1","2","3" I want a KQL Query that matches any combinations those 2 sets match. I have tried ("A" OR "B" OR "C") AND ("1" OR "2" OR "3") but that does not seem to work. Many Greetings ErikUsing KQL functions to speed up analysis in Azure Sentinel
Security Operations can often be a very repetitive role. As a security analyst, you will often find yourself conducting the same actions and tasks as you work through an investigation. KQL functions in Azure Sentinel provide a way in which analysts can build up a collection of investigation tools to call upon quickly and simply.Azure Sentinel correlation rules: Active Lists out; make_list() in, the AAD/AWS correlation example
Writing alert rules using KQL is powerful but does not have to be complicated. A good example would be rules that in traditional SIEM use Active Lists. In this blog post, I will describe how to avoid Active Lists entirely using Sentinel query-based rules.
