SecurityAlert Logs are not getting pulled up

thank you very much man!! :D

Nice work. Thanks senpai.

Could ypu make new syslog/cef firwarder lab seiries with the new sentinel ama connector?

Why containers not VMs? Total noob here. I went from picking up a few WI. Fi smart bulbs to deciding Hey and at home. Automation would be better than the cloud apps. 2, Hey, I need to build myself a home lab computer to run. Home assistant, and now i'm here and I don't know how I got here and yeah

create alerts, use look up file, long query also is good

I honestly see this video being helpful with repetition. Thanks 🙏🏿

Yes, really good stuff, but the isnotnull doesn't work for strings. isnotempty works better for the description.

Good morning :) A BIG thank you from me for explaining KQL so well and in an easy to understand way! You ae a KQL life saver for me :)

man this is way better than all the udemy courses lol awesome job bro

Thanks a lot for this. I'm a non-tech person retraining on a network+ prep course that's insanely fast-paced and not particularly well organized. Thankfully, the instructor included your video as part of the workbook and it actually made sense to me. I appreciate you man.

great video but it's now obsolete. consider a new on on the AMA agent.

When 900 years old you reach, code this good you will not!!

What book is this please?

This was a good video - I can always used a cheat sheet.

my rsyslog.conf not same like you, did i need to update it manual or what i must to make it easier ?

tail: cannot open 'messages' for reading: No such file or directory help

Wow, that's incredible. Thank you for sharing!

any updates on your BI > Sentinel dashboards?

I am little confused with arg_max function still. From what I understood was arg_max will return maximum value for whatever column is in the bracket. For example let's say I have following simple query. This will return single row as result of latest value as we're passing TimeGenerated in brackets to arg_max SecurityEvent | where TimeGenerated > ago(1d) | summarize arg_max(TimeGenerated, *) But when I replace this with following query, it gives me multiple results. SecurityEvent | where TimeGenerated > ago(1d) | summarize arg_max(TimeGenerated, AccountType, Activity) by Account So this is kinda confusing me as it's not giving just maximum value but multiple results. Is it because of what you explained at around @ 16.21 in this video?? So far I am finding your tutorials helpful in understanding KQL better as this is something that has always challenged me within Azure..

What is the headset you are using? 🙂

Today my school had gotten hacked and it was because these kids were going on bad websites and the firewall got open and hackers were able to get into all our computers and find our information. But it’s was only in middle school so elementary kids were fine. They did change the password though which I don’t know if that did anything tbh

A great tutorial. Many thanks for it 😃

My jam

Why i don't have message file in /var/log ?

Can this be done for free? I'm interesting in doing this but assume it has costs associated

Thanks brother for this KQL tutorial videos. It is helpful

How can I automate this process with power automate or any other tool?

Thank you so much for doing this series! It’s helped me SO much!

nice video! it was very useful and very interesting :) your content is very informative. thank you for your valuable contribution! please keep going!

one question can you make subqueries in KQL and join?

How would I import the samples into the powerbi or load up the samples as you're showing. Can you do a video on that process

This is pretty cool but that's not how groups in regex works. 0 is the whole match but without regex syntax, 1 is the first group, 2 is the second etc. if you do match "thing (one) (two)" then 0 returns " thing one two", 1 returns one, and 2 returns two.

I subscribed because of the animation. Will be watching from the beginning of the playlists. Good stuff to capture attention.

What about the AMA agent ?

Good vid!

Great vid, my dude. Would love to see an updated video with the new AMA agent. OMS is going away. For some reason.

Great video, also just wanted to let you know that I was sent here by one of your interns. 😂

Thanks for the video, quick query: Is there anyway to join more than 2 tables ?

Hello @Teachjing, All your tutorials are very helpful I know my question might be two years late but the "protectionstatus" table no longer seems to have no sample data work with . I am trying to work with your instructions but the "protectionstatus" table within the database "security and audit " has no sample data so what would you suggest we use as an alternative ?

Studying for my SC-200 as of current! This has come in so much help, I think I am primarily struggling with the tables and filters, and just understanding the processes, any tips to simplify this or how to learn this any quicker from a non-technical background.

Thank you so much Teachjing! you gave me loads of info!...

Hi Sir. Thanks for you great work. I have learned a lot from your videos. However, there is one thing I can’t seem to figure out. I want to run a query where the data is found in 2 different tables (SecurityAlert & SigninLogs). The common column in both tables is “UsedId”. How can I use join or union operator to put these 2 tables together and get my data. The common column in the 2 tables is “UsedId” SecurityAlert | where AlertName == "Unfamiliar sign-in properties" | where AlertSeverity == "High" SigninLogs | where RiskState == "atRisk"

Nice vid!!! 🦾

Regarding the difficulty level, I must say that it was just right for me. The material was presented in a way that was challenging enough to keep me engaged but also manageable to grasp. I'm glad to hear that it will get better as the series progresses, and I'm excited to continue learning. Once again, thank you for your dedication to teaching and your willingness to assist learners. I truly appreciate the support and look forward to continuing this journey with your valuable guidance. Once again, thank you for your dedication to teaching and your willingness to assist learners. I truly appreciate the support and look forward to continuing this journey with your valuable guidance.