Querying for Breaches with Mark Morowczynski

About Show #969

Do you Kusto? Richard talks to Mark Morowczynski about his new book, The Definitive Guide to KQL, and the power of the Kusto Query Language to look across your Azure tenant and understand operational and security issues. Mark talks about being able to query across all log sets, telemetry, the M365 graph, and more to help understand what is really going on. The book provides example queries you could run today, including finding the first and last time a user logged on and which devices they used. There are also examples of calculating baseline behavior for an account so that you can see when unusual activity starts. There are a ton of excellent queries for operational excellence and cybersecurity, so get started today! And for RunAs listeners, you can use code KUSTO to get 30% off the book!
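The two query ideas mentioned above, written out as an added example (this is not code from the book or from the episode, and it is only one way to do it). It assumes the Entra ID sign-in logs are flowing into a Log Analytics workspace or Microsoft Sentinel as the SigninLogs table; the 90-day lookup window, the 30-day baseline, the one-day comparison window and the three-standard-deviation threshold are all assumptions you would tune for your tenant.

```kusto
// Query 1 (added example, not from the book): first and last successful sign-in per user,
// how many sign-ins they had, and the set of devices and operating systems they used.
// Column names follow the SigninLogs schema; the 90d window is an assumption.
SigninLogs
| where TimeGenerated > ago(90d)
| where ResultType == "0"                               // "0" = successful sign-in
| summarize FirstSeen        = min(TimeGenerated),
            LastSeen         = max(TimeGenerated),
            SignIns          = count(),
            Devices          = make_set(tostring(DeviceDetail.displayName), 50),
            OperatingSystems = make_set(tostring(DeviceDetail.operatingSystem), 10)
    by UserPrincipalName
| order by LastSeen desc

// Query 2 (added example, not from the book): build a per-user baseline from the 30 days
// before the last day, then flag users whose last day is unusual compared to it.
// lookback, window and the 3-sigma threshold are assumptions to tune per tenant.
let lookback = 30d;
let window   = 1d;
let successful = SigninLogs
    | where ResultType == "0";
// Baseline 1: average and standard deviation of daily sign-in volume per user
let dailyBaseline = successful
    | where TimeGenerated between (ago(lookback + window) .. ago(window))
    | summarize DailyCount = count() by UserPrincipalName, Day = bin(TimeGenerated, 1d)
    | summarize AvgDaily = avg(DailyCount), StdDaily = stdev(DailyCount) by UserPrincipalName;
// Baseline 2: the countries each user has previously signed in from
let countryBaseline = successful
    | where TimeGenerated between (ago(lookback + window) .. ago(window))
    | summarize KnownCountries = make_set(tostring(LocationDetails.countryOrRegion))
        by UserPrincipalName;
// Current window: the same measures for the most recent day, compared with the baseline
successful
| where TimeGenerated > ago(window)
| summarize TodayCount     = count(),
            TodayCountries = make_set(tostring(LocationDetails.countryOrRegion))
    by UserPrincipalName
| join kind=inner dailyBaseline   on UserPrincipalName
| join kind=inner countryBaseline on UserPrincipalName
| extend NewCountries  = set_difference(TodayCountries, KnownCountries)
// stdev() is null for a user with a single baseline day, so treat that as 0
| extend VolumeAnomaly = TodayCount > AvgDaily + 3 * coalesce(StdDaily, 0.0)
| where VolumeAnomaly or array_length(NewCountries) > 0
| project UserPrincipalName, TodayCount, AvgDaily, StdDaily, NewCountries, KnownCountries
```

Run the two queries separately (in the Log Analytics editor, a blank line separates them). Query 2 only returns users who also appear in the baseline period; a brand-new account with no history drops out of the inner join, so if you care about first-day activity of new accounts you would add a separate query with `kind=leftouter` or use Query 1 to spot accounts whose FirstSeen is within the last day.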

Links

Recorded December 19, 2024


Mark Morowczynski is a principal security researcher in the Microsoft Global Hunting, Oversight, and Strategic Triage (GHOST) team. Previously he was a principal product manager in the Microsoft Security Customer Experience Engineering (CxE) team, working with customers on their deployments of Microsoft Entra ID/Azure AD. He was also a Premier Field Engineer supporting Active Directory, Active Directory Federation Services, and Windows Client performance. Mark was also one of the founders of the AskPFEPlat blog. He has spoken at various industry events such as Black Hat, Microsoft Ignite, Microsoft Inspire, JAMF JNUC, Microsoft MVP Summits, The Cloud Identity Summit, SANS Security Summits, and TechMentor.
