Kusto Insights
Dive into the latest news, community blogs, and expert queries. Stay ahead with a quick, insightful summary of everything happening in the world of KQL.
Sign up to receive our monthly newsletter, already trusted by 650+ professionals, delivered directly to your inbox.
Authors
Bert-Jan Pals (MVP) | SOC Lead
Ugur Koc (MVP) | Cloud Engineer at Glueckkanja AG in Germany
Latest Issues
Issue #5 [04/02/2024]
March Update
The March update dives into the latest KQL trends, featuring an analysis of NTDS.DIT file modifications for security, blogs on Azure monitoring, and Microsoft's launch of Copilot for Security. It includes community insights on Entra ID monitoring, KQL hacks for Azure Monitor Workbooks, and strategies for cost-effective Azure log analytics, emphasizing a comprehensive approach to data management and security enhancement.
Issue #4 [03/05/2024]
February Update
The February update of "Kusto Insights" features a Query of the Month focusing on detecting leaked credential risks in Azure Active Directory, demonstrating the practical use of KQL in enhancing security. Additionally, the update includes community insights and Microsoft's latest enhancements, such as the expanded capabilities of the Microsoft Intune Suite and new Kusto database update commands, which collectively showcase the evolving landscape of data analysis and endpoint management using KQL.
Issue #3 [02/06/2024]
January Update
The January update of "Kusto Insights" features a Query of the Month that identifies unused conditional access policies in Azure Active Directory, showcasing practical KQL application in security. It also includes community contributions and Microsoft updates, highlighting new ways to utilize KQL in various domains like external data querying in Microsoft Sentinel, security source updates for 2024, and advancements in data visualization and monitoring with Azure tools, reflecting ongoing innovation and collaboration in the KQL ecosystem.
Issue #2 [01/02/2024]
December Update
The December update of "Kusto Insights" presents a new KQL query for identifying risky user operations and offers a roundup of community and Microsoft blog posts. These posts cover topics like passkey risks, vulnerability prioritization using the CISA catalog, and real-time analytics with KQL, illustrating the ongoing engagement and innovation in the KQL community and its applications in security and data analysis.
Issue #1 [12/05/2023]
November Update
The November update of "Kusto Insights" showcases a detailed KQL query by Thomas Naunheim for identifying user and workload identities, along with curated blog posts from the KQL community on network operations and threat detection. It also highlights new Microsoft features integrating KQL, such as Microsoft Security Copilot and Microsoft Intune Advanced Analytics, enhancing data analysis and user experience.