Nice shortcut in KQL to get JSON data in a dynamic column.

While looking at the SigninLogs table in Azure Sentinel I noticed there are a lot of dynamic fields that hold JSON data. I was trying to use parse_json to get to the data but it was always returning empty fields. I then realized that parse_json requires a string input, not a dynamic. After some messing […]

Ingesting Azure Sentinel Incident information into Log Analytics Part III – Using the data

Introduction: In Ingesting Azure Sentinel Incident information into Log Analytics, I showed you how to create a Log Analytics workflow to ingest Azure Sentinel Incidents into a Log Analytics workspace. In Ingesting Azure Sentinel Incident information into Log Analytics Part II, I fixed some of the issues I ran into while using the instructions from […]

Azure Sentinel book coming soon

I am happy to announce that the book I have been writing with my co-worker, Richard Diver (and I have no idea how he got top billing 😉), is almost finished and will be released soon. It is an introduction to Azure Sentinel and covers all the topics from planning your Log Analytics workspace […]