Implementing RITA in Azure Sentinel using KQL (Pinned)
Mehmet Ergene · 4 min read · Jul 21, 2021
In this post, I’ll explain how the RITA beacon analyzer works and implement the algorithm in Azure Sentinel using KQL…

Enterprise Scale Threat Hunting: C2 Beacon Detection with Unsupervised ML and KQL — Part 2 (Pinned)
Mehmet Ergene · 6 min read · May 19, 2021
In this series, we’ll develop an approach, solve the problems with KQL, and create queries for Sysmon, Palo Alto, and Microsoft Defender.

Threat Hunting with Data Science: Registry Run Keys (Pinned)
Mehmet Ergene in Blu Raven · 4 min read · Mar 25, 2021
Threat hunting and detection of Registry Run Keys on a large scale using basic data science methods.

A Common KQL Mistake in Threat Hunting and Detection Engineering
Mehmet Ergene · 3 min read · Mar 17, 2024
Fixing a common filtering mistake in KQL that can lead to false negatives.

Using Python Plugin in Microsoft Sentinel by Leveraging ADX
Mehmet Ergene · 2 min read · Feb 4, 2024
Unleash the power of Python and data science in Sentinel using Azure Data Explorer!

A Deep Dive into the KQL Union Operator
Mehmet Ergene · 4 min read · Dec 4, 2023
Combining datasets efficiently using the KQL union operator for better security analysis.

Advanced KQL for Threat Hunting: Window Functions — Part 2
Mehmet Ergene in Blu Raven · 3 min read · Mar 4, 2023
Using sliding window functions in KQL for better detection.

Advanced KQL for Threat Hunting: Window Functions — Part 1
Mehmet Ergene in Blu Raven · 5 min read · Jan 7, 2023
Window functions can take your threat hunting and DFIR skills to the next level!

Detecting Azure AD Account Takeover Attacks
Mehmet Ergene · 3 min read · Dec 21, 2022
An easy and generic approach for detecting cloud account takeover attacks using KQL.

Detecting DLL Hijacking Attacks — Part 1
Mehmet Ergene · 3 min read · Sep 11, 2022
DLL hijacking (T1574) is one of the favorite techniques used by attackers. In this post, I’ll explain a method for hunting and detection.