Kusto Insights

Dive into the latest news, community blogs, and expert queries. Stay ahead with a quick, insightful summary of everything happening in the world of KQL.

Sign up to receive our monthly newsletter, already trusted by 750+ professionals, delivered directly to your inbox.


Latest Issues

Issue #6 [05/07/2024]

April Update

The April update covers a range of topics including modifications to RDP default listening ports, new features in Microsoft's unified security operations platform, and strategies for monitoring vulnerable drivers and hunting threats in Azure subscriptions. It also highlights the latest community contributions and the practical applications of KQL in enhancing security measures and automating incident responses.

Issue #5 [04/02/2024]

March Update

The March update shows the latest KQL trends, featuring an analysis of NTDS.DIT file modifications for security, blogs on Azure monitoring, and Microsoft's launch of Copilot for Security. It includes community insights on Entra ID monitoring, KQL hacks for Azure Monitor Workbooks, and strategies for cost-effective Azure log analytics, emphasizing a comprehensive approach to data management and security enhancement.

Issue #4 [03/05/2024]

February Update

The February update of "Kusto Insights" features a Query of the Month focusing on detecting leaked credential risks in Azure Active Directory, demonstrating the practical use of KQL in enhancing security. Additionally, the update includes community insights and Microsoft's latest enhancements, such as the expanded capabilities of the Microsoft Intune Suite and new Kusto database update commands, which collectively showcase the evolving landscape of data analysis and endpoint management using KQL.

Issue #3 [02/06/2024]

January Update

The January update of "Kusto Insights" features a Query of the Month that identifies unused conditional access policies in Azure Active Directory, showcasing practical KQL application in security. It also includes community contributions and Microsoft updates, highlighting new ways to utilize KQL in various domains like external data querying in Microsoft Sentinel, security source updates for 2024, and advancements in data visualization and monitoring with Azure tools, reflecting ongoing innovation and collaboration in the KQL ecosystem.

Issue #2 [01/02/2024]

December Update

The December update of "Kusto Insights" presents a new KQL query for identifying risky user operations and offers a roundup of community and Microsoft blog posts. These posts cover topics like passkey risks, vulnerability prioritization using the CISA catalog, and real-time analytics with KQL, illustrating the ongoing engagement and innovation in the KQL community and its applications in security and data analysis.

Issue #1 [12/05/2023]

November Update

The November update of "Kusto Insights" showcases a detailed KQL query by Thomas Naunheim for identifying user and workload identities, along with curated blog posts from the KQL community on network operations and threat detection. It also highlights new Microsoft features integrating KQL, such as Microsoft Security Copilot and Microsoft Intune Advanced Analytics, enhancing data analysis and user experience.