Category: KQL

Azure
0
AzureTracks.com investigate using KQL and find deleted or hidden log entries.

Unveil Delete Operations in Azure using KQL

In this blog post, we’ll explore how to wield the mighty KQL to uncover those elusive “delete” actions within your Azure environment. Whether you’re a seasoned cloud explorer or just dipping your toes into the Azure waters, this guide will equip you with the knowledge to track down those vanishing resources.

Posted on 6:58 am
Azure
0
AzureTracks.com investigating using Microsoft Sentinel, KQL, and logs.

Find Actions Taken by an Administrator in Azure Logs

In this post, join me in exploring how to find meaningful actions taken by an administrator in your environment. We will take a look at how to find what changes were made by an individual account. Join me as we dive into auditing logs in Azure and determine if the administrator account is responsible for actions in our environment.

Posted on 7:18 am