Azure Sentinel News

How to Convert Your Old, Boring Queries to KQL for Azure Sentinel

By Azure Sentinel News Editor, March 17, 2021, in SENTINEL

Migrating from a legacy SIEM can seem like a daunting task, particularly when you’ve built so much into the existing tool over the years. You have use cases, queries, reports, etc., that you would still like to take advantage of in Azure Sentinel.

I hear this quite a bit, and we do a good job helping our customers retain the important pieces as they modernize their security operations. But we are also quick to point out that one reason a customer is interested in Azure Sentinel is that their old, tired SIEM has actually become part of the problem. Shifting to Azure Sentinel lets customers streamline their thinking and take a much better, more modern approach to monitoring and securing the environment. That doesn't mean everything has to be lost, though.

KQL (the fantastic query language and data scientist's tool of choice) is the lifeblood of Azure Sentinel. This query language powers the logic behind our Analytics Rules, the data sampling for our Hunting queries, and the visualizations in our Workbooks. Becoming proficient in KQL is important. But for those who have a long list of stored queries from old systems, why start from scratch if you don't have to?

I talk about this often during my Azure Sentinel workshops, but was reminded today that there is a slew of others out there who have never heard of this valuable tool.

SOC Prime (a fabulous SIEM service) has a valuable tool called Uncoder that takes a query written in one format and translates (or converts) it into any other format it supports.

Link: https://uncoder.io/

Obviously, the tool is not perfect. Some queries work, some don't. But it's a good first step toward retaining old use cases and pre-developed queries, again without starting from scratch.

Here are a couple of additional resources that might interest you.

  • SQL to Kusto query translation – Azure Data Explorer | Microsoft Docs
  • Splunk to Kusto map for Azure Data Explorer and Azure Monitor | Microsoft Docs
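To make the translation concrete, here is an added example that is not part of the original post, Uncoder, or the Microsoft docs linked above. It shows one common detection, an account with more than 10 failed Windows logons in the last hour, written as legacy SQL, as Splunk SPL, and as KQL against the Azure Sentinel SecurityEvent table. The SQL table and column names (win_events, event_id, event_time, account) and the Splunk index name (wineventlog) are assumed stand-ins for whatever your legacy SIEM used; the KQL table and column names (SecurityEvent, TimeGenerated, EventID, Account) are the real Sentinel ones. The comments call out exactly the pieces an automated converter cannot know on its own and that you need to check by hand after conversion.

```kql
// Added example, not from the original post. Legacy names below are assumptions.
//
// Legacy SQL (assumed table "win_events" and its columns):
//   SELECT account, COUNT(*) AS failed_logons
//   FROM   win_events
//   WHERE  event_id = 4625
//     AND  event_time > DATEADD(hour, -1, GETUTCDATE())
//   GROUP  BY account
//   HAVING COUNT(*) > 10
//   ORDER  BY failed_logons DESC;
//
// Splunk SPL (assumed index "wineventlog"):
//   index=wineventlog EventCode=4625 earliest=-1h
//   | stats count AS failed_logons BY Account
//   | where failed_logons > 10
//   | sort - failed_logons
//
// KQL for Azure Sentinel. Things a converter has to be told or that you must
// verify afterwards: the source table is SecurityEvent (not the SQL table or
// Splunk index), the timestamp column is TimeGenerated, the Windows event id
// column is EventID (SPL calls it EventCode), and the SQL WHERE/HAVING split
// becomes two 'where' stages on either side of 'summarize'.
SecurityEvent
| where TimeGenerated > ago(1h)          // time filter first, so less data is scanned
| where EventID == 4625                  // Windows: an account failed to log on
| summarize FailedLogons = count() by Account
| where FailedLogons > 10                // equivalent of the SQL HAVING clause
| order by FailedLogons desc
```

Before saving a converted query as an Analytics Rule, paste it into the Logs blade and run it over a window where you know the expected result. Most conversion failures show up as a query that runs without error but returns nothing, because a table, column or event-id field name did not map across.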

Reference: https://azurecloudai.blog/2021/03/16/how-to-convert-your-old-boring-queries-to-kql-for-azure-sentinel/

Tags: Azure Sentinel, KQL
Copyright © 2020 - Azure Sentinel News