kql
422 Topics

What exactly is the AppDisplayName "Microsoft Authentication Broker"
Hello, when reviewing failed sign-in attempts through KQL (invalid username/password), I sometimes see the AppDisplayName set to "Microsoft Authentication Broker". I have tried looking for the answer online, and it does seem to be related to some kind of authentication broker service (which makes sense given the name), but I have yet to figure out what exactly it is. I guessed that this was perhaps the Microsoft Authenticator app, but I did some testing on my own device and was unable to trigger the logs for Microsoft Authentication Broker. Does anyone else have experience dealing with these? Might it be something going on in the background at MS?

KQL String Search With Wildcards?
Is it possible to do KQL string searches with wildcards? For example, I'm hunting for files written to C:\ProgramData\ but I don't want to see files written to subfolders. I've done this in Splunk, so I was surprised that the last line in my query below does not filter out anything.

Show this: C:\ProgramData\evil.exe
Filter this out: C:\ProgramData\MyApp\NotEvil.exe

Query:
DeviceFileEvents
| where ActionType == "FileCreated"
| where FolderPath contains "ProgramData"
| where FolderPath !contains "ProgramData\\*\\*"

F1 telemetry analysis with Azure Data Explorer (ADX)
Formula 1 is one of the most fascinating data-driven sports – so competitive that even a tenth of a second of advantage can change the outcome of a race. F1 teams strive to find that advantage by using best-in-class analytics tools and ML platforms capable of analysing thousands of data points per second.

Searching Historical Logs for Threat Intelligence Matches
Hello all, I was just wondering what the best or most efficient way to search logs for threat intelligence IOCs is. I saw a previous post explaining how to do it if you want to search a large number of values via a watchlist, but I would like to do it only for threat intelligence IOCs. I have a search below that works for IP addresses and can also be applied to file hashes.

ThreatIntelligenceIndicator
| where isnotempty(NetworkIP)
| summarize by ThreatIntelIP=NetworkIP
| join (
    Network_MetaParser
    | where isnotempty(SrcIpAddr)
    | summarize by SrcIpAddr, DstIpAddr, EventProduct, DvcAction, DstPortNumber, NetworkProtocol, TimeGenerated
) on $left.ThreatIntelIP == $right.DstIpAddr

My question is regarding URL/domain names. How do I search my logs for any URLs/domains that match or contain the URL/domain values from threat intelligence? I've tried doing something like the below, but it doesn't seem to work. Any suggestions would be greatly appreciated!

| summarize by URL
| where isnotempty(URL)
| where URL has_any (ThreatIntelligenceIndicator)

🔍🎬 Introducing Kusto Detective Agency Season 2: Bigger, Better, and Brimming with Prizes! 🎉🔍
Greetings, esteemed investigators and data enthusiasts! We are thrilled to announce the highly anticipated launch of Kusto Detective Agency Season 2. After the immense success of Season 1, with over 10,000 participants diving deep into the world of data investigation, we cannot thank you enough for your incredible support and enthusiasm!

Season 2 of Kusto Detective Agency is set to be an even grander adventure, filled with more challenges, mind-bending mysteries, and countless opportunities to showcase your analytical skills. Prepare yourself for a journey that will push the boundaries of your data prowess and reward you with an unforgettable experience.

One of the highlights of Season 2 is the abundance of amazing prizes waiting to be claimed by our brilliant detectives. From cutting-edge tech gadgets to exclusive KDA merchandise and flashy detective badges, the stakes have never been higher.

We are grateful to AMD for their collaboration in making Season 2 possible. Powered by AMD's advanced technologies, this season promises to be a true marvel of data exploration and analysis. Thank you, AMD, for joining forces with us!

For those who are new to the world of Kusto Detective Agency, fear not! Getting started is easier than ever before. You can begin your journey by either:
1. Creating a KQL database in Synapse Real-time Analytics in Microsoft Fabric. Please make sure you create the KQL database in "My workspace", ensuring it remains your personal database. Sign up for the Fabric free trial.
2. Or creating a Kusto free cluster.

Sharpen your skills, familiarize yourself with the tools at your disposal, and start unraveling captivating mysteries right away. The possibilities are endless, and we can't wait to see what you discover! Now, without further ado, here is what you can expect in Kusto Detective Agency Season 2. So, are you ready to accept the challenge?

Gather your wits, familiarize yourself with the tools at your disposal, and start unraveling captivating mysteries right away. Join us for a season that promises to be the data-driven journey of a lifetime. We have 10 cases in Season 2, and we will be releasing a case every 2 weeks starting today. Together, let's make Season 2 of Kusto Detective Agency an adventure for the ages! Happy investigating!

Recruiting now at: https://detective.kusto.io/

#KustoDetectiveAgency #Season2 #DataMysteryUnveiled