KQL Cafe June 2022

Date: 28. June 2022

Hosts

Show Content

  • Recording

Topics

  • 0:00 Welcome to KQL Cafe
  • What's new in KQL:
  • 1:50 Microsoft Defender Vulnerability Management
  • Our KQL Guest:
  • 6:19 Mehmet Ergene - Scan Operator
  • What did you do with KQL this month?
  • 1:01:48 Fileshare auditing with the AMA agent
  • Bonus Material:
  • 1:17:40 Handpan demo by Mehmet

Agenda

  • 0:00 Welcome to KQL Cafe
  • What's new in KQL:
  • 4:54 Microsoft Sentinel Active Directory EUBA Information from Microsoft Defender for Identity
  • Working with IOCs:
  • 12:35 Quantum Ransomware from The DFIR Report
  • KQL Tools:
  • 57:20 Threat Indicators in Microsoft Sentinel
  • Learning KQL:
  • 1:19:56 Parse vs Extract
  • What did you do with KQL this month?
  • 1:25:30 Building an ASIM parser
  • 1:51:35 Microsoft Defender Vulnerability Management: Browser Extensions
  • Misc:
  • 2:02:10 We are giving talks at Workplace Ninja Summit

Show content references