User Profile
jasonchrist
Copper Contributor
Joined 5 years ago
Recent Discussions
Kusto evaluate and transform URL to subdomain.domain.topleveldomain format
Dear Team, I have a question in the context of Threat Intelligence search, where I wanted to standardize free-formed URLs into a specific format of subdomain.domain.topleveldomain.

Sample URL:
login.ezproxy.uni.simple.me
https://submit.owa.something.gov.eu
sample.me

The desired output is that KQL is smart enough to evaluate and cut those URLs to the following output:
uni.simple.me
something.gov.eu
sample.me

I have used the parse_url function, which is useful, but I am not able to cut the URL to the desired length format. Thank you!

Solved | 5.6K Views | 0 likes | 2 Comments

Microsoft Sentinel Entity Mapping: Process - best practice
Dear Forum members, A quick technical question i.r.t. entity mapping for the Process entity, specifically in the context of DeviceProcessEvent / Sysmon Event 1. I understand that there are initiating/parent processes and child/new processes in those logs. When we map the 'Process' entity, do we map it against the parent process or the child process, or do we do it for both? Thank you for your feedback/response.

1K Views | 0 likes | 0 Comments