[SANS Institute and Anvilogic Present] The 2025 State of Detection Engineering Report
Join the waitlist
Skip to main content
Top 10 KQL Queries Every DE Should Know

#39 Top 10 KQL Queries Every DE Should Know

December 12, 2024

Get the Giveaway

In this episode, Alex sits down with Sergio Albea, an accomplished Threat Hunter, Researcher, User Behavior Analyst, and Senior Cloud Security Engineer/Architect, to share a must-have resource for detection engineers: the Top 10 KQL Queries of 2024.

From detecting DLL hijacking and MFA fatigue to uncovering anonymous file access in OneDrive and SharePoint, we’ll walk through each query, the data feeds/sources required for detection and talk shop about their practical uses. Whether you’re new to KQL or an experienced user, these queries are designed to elevate your detection capabilities.

Episode Host Headshot
Alex Hurtado
Detection Dispatch Host, Anvilogic
Episode Host Headshot
Sergio Albea
Senior Cloud Security Engineer & Architect

Additional Resources

Launch the Snowflake Lab
Anvilogic for Snowflake
Top 10 KQL Queries Every DE Should Know
Podcast

Episode 39: Top 10 KQL Queries Every DE Should Know

More Episodes

Typo Trouble: How LLMs Can Outsmart TYPOSQUATTING Attacks

December 5, 2024

#38 Typo Trouble: How LLMs Can Outsmart TYPOSQUATTING Attacks

In this episode, we chat with the brilliant Mike Hart, a data scientist with a mission: to outsmart the sneaky world of typosquatting attacks. Just in time for the holiday shopping frenzy, we explore how his open-source project leverages LLMs to safeguard users from clicking on malicious look-alike links.

Watch Now and Get the Giveaway
Maturing SecOps with Detection-as-Code

November 21, 2024

#37 Maturing SecOps with Detection-as-Code

Ever feel like detection rule management is stuck in the Stone Age? This episode with Wade Wells a DE powerhouse trailblazing DaC in the industry is all about leveling up with Detection-as-Code—a game-changing way to manage threat detection that ditches the manual grind. We’ll break down how using code and automation can bring collab, speed, and structure to your detection engineering game.

Watch Now and Get the Giveaway
Get Smarter with Entity Correlation + RBA in Sentinel

November 7, 2024

#36 Get Smarter with Entity Correlation + RBA in Sentinel

Join Detection Engineers Micah Funderburk and Alex Temaly as they break down their RBA success story in Sentinel—packed with insights, tips, and the best moves to help your SOC catch threats faster and smarter.

Watch Now and Get the Giveaway