RunAs Radio

Querying for Breaches with Mark Morowczynski

Jan 29, 2025
Mark Morowczynski, a Principal Security Researcher at Microsoft and co-author of 'The Definitive Guide to KQL,' dives deep into the world of Kusto Query Language. He explains how KQL can transform log data into actionable insights for security monitoring. They discuss rising cybersecurity threats and the importance of practical improvements like phishing-resistant authentication. With examples from the book, Mark highlights querying techniques to spot unusual account activity and ensure operational excellence. Don't miss tips on harnessing data analytics for enhanced security!
ANECDOTE

MFA Fatigue

  • Richard Campbell recounts a story of a user who triggered a phishing attack.
  • Despite being on the phone with security, the user approved an MFA prompt due to habit.
ADVICE

Querying for Breaches with KQL

  • Kusto Query Language (KQL) helps query for security breaches and operational issues.
  • It lets you query across an Azure tenant, its logs and telemetry, and the Microsoft 365 Graph.
INSIGHT

KQL's Power and Practicality

  • KQL is a powerful query language used across Microsoft's ecosystem.
  • The "Definitive Guide to KQL" book offers practical queries for various purposes.