I am excited to announce the public release of KQL Event Viewer. This is easily the most complete and useful project I have built to date. KQL Event Viewer is a Windows Event Viewer-style experience for KQL data. Instead of starting with a query, you start with the data. Tables are organized, pre-filtered, and easy… Read More »
This week marked the end of an era. I am in the process of transitioning to a new role, and I will share more about that soon. As part of that transition, I delivered what will likely be my final class in this program, a three-day remote cybersecurity session. Keeping an audience engaged for three… Read More »
I have been working with Microsoft Sentinel since before it reached general availability in September 2019, supporting customers, delivering training, and developing real-world deployment guidance. Over that time, I have worked with dozens of organizations across both commercial and government environments, ranging from small universities to large global enterprises. I share that context only to… Read More »
A practical alternative and complement to Security Copilot I wrote about Alternatives to Microsoft Security Copilot last year and why many organizations are still looking for practical ways to bring AI into their SOC. That conversation has continued to come up in customer engagements. Some teams do not have access yet. Others are constrained by… Read More »
In the last article, I introduced Azure AI Foundry as a way to stand up a private AI service for SOC use cases. The key idea is that the model itself is not the solution. The value comes from how you shape requests using system prompts and structured input. One deployment can support many different… Read More »
Over the past few months, I have shared a set of workbooks focused on closing visibility gaps across identity and endpoint security data. These were built from real-world scenarios where the signals existed, but the connections between them were not always obvious. Today I am releasing major updates to both, expanding their scope and making… Read More »
I keep seeing the same pattern, and it is getting frustrating. Microsoft is calling custom chatbots “agents,” and now everyone is building them. The problem is most of these so-called agents are not agents at all. They are just slightly modified chat prompts wrapped in a UI. I said this before, but it is worth… Read More »