Tag: KQL
-
Simple Syslog Ingestion with Microsoft Sentinel Data Lake

Learn how to easily connect your Syslog collector VM, configure a Data Collection Rule, and validate real-time log ingestion into Microsoft Sentinel Data Lake. This step-by-step guide helps you streamline Syslog ingestion for scalable and cost-efficient security analytics.
-
The Proven Way Sentinel Data Lake Slashes Cost

Introduction Security teams have long faced a tough challenge: balancing visibility with cost. A year ago, many organizations hesitated to adopt Microsoft Sentinel because of the high cost of the Analytics tier, forcing them to strip data down to the bare minimum. Microsoft listened. The Sentinel Data Lake tier is the proven way to slash…
-
Unlocking Scalable Security Analytics: Bolster Sentinel Data Governance

Introduction Throughout this series, we’ve explored how Microsoft Sentinel evolves to meet modern security analytics needs—from onboarding and cost optimization to advanced KQL automation and notebook-based data science. One of the key components in this ecosystem is the Sentinel Data Lake, which plays a crucial role in storing and managing security data efficiently. In this…
-
Unlocking Scalable Security Analytics: Explode Threat Analysis in Sentinel Notebooks

Take your investigations to the next level with Sentinel Notebooks. Learn how to explode threat analysis workflows using Python, Spark, and machine learning in Microsoft Sentinel Data Lake — turning data into faster, smarter insights.
-
Unlocking Scalable Security Analytics: Expose Sentinel Data Lake Notebooks

Discover how notebooks in Microsoft Sentinel Data Lake bring together KQL, Python, and data science to transform security investigations. Learn what they are, why they matter, and what you need to get started before diving deeper into advanced use cases.
-
Unlocking Scalable Security Analytics: How to Automate KQL Jobs in Sentinel Data Lake

Introduction In Part 4 of this series, we focused on optimizing KQL queries in Microsoft Sentinel Data Lake. Optimized queries are powerful for investigations, but sometimes you need to automate and repeat them. That’s where KQL jobs come in. A KQL job allows you to run scheduled queries across Sentinel Data Lake, store the results,…
-
Unlocking Scalable Security Analytics: How to Optimize KQL Queries in Sentinel Data Lake

Introduction In Part 3 of this series, we covered how to onboard Microsoft Sentinel Data Lake. Once onboarding is complete, the next step is learning how to query your data effectively. Efficient Kusto Query Language (KQL) queries are critical for SOC teams during historical investigations. Well-structured queries reduce costs, accelerate investigations, and reveal meaningful patterns.
-
Unlocking Scalable Security Analytics: How to Set Up Sentinel Data Lake

Introduction In Part 1 of this series, we explained why pairing Microsoft Sentinel with a Data Lake matters. In Part 2, we demonstrated how the integration can save up to 75% annually. Now, in Part 3, you will walk through the onboarding process for Microsoft Sentinel Data Lake and see how it extends your existing…
-
Unlocking Scalable Security Analytics: Why Pair Microsoft Sentinel with a Data Lake?

Enterprises generate enormous volumes of security data every day from endpoints, identities, applications, and cloud services. Microsoft Sentinel delivers powerful, cloud-native detection and investigation. However, storing and analyzing all of that data directly in Sentinel’s Log Analytics workspace quickly becomes expensive and inefficient. Recently, Microsoft released Sentinel Data Lake, which will solve this problem for…
-
Mastering Defender XDR: Proven Strategies for Advanced Hunting with KQL to Expose Hidden Attacks

🎤 Special Announcement I’m at Black Hat 25 this week! If you’re attending, come see me at the Microsoft Booth, where I’ll be demoing Security Copilot. Stop by to learn how AI is transforming cybersecurity, and let’s connect to talk about Defender XDR, Advanced Hunting, and Security Copilot in action. 🚀 Introduction In today’s fast-moving…