cyphershell.tech – Cyber Threat Hunting research & SOC Analyst guides

KQL query to change Azure Sentinel log timestamp format

2024-09-07 by Ben

Analysts forget that Sentinel logs output the TimeGenerated field values as UTC. Add this line to create a reformatted timestamp field congruent to your time zone: Remember to change the amount value to the UTC difference for your time zone. For example, I am in the US Eastern Time Zone, which is -4. Now you … Read more

Analyst Advice #001: Data Flow

2024-09-052024-09-05 by Ben

New to an environment? Learn data flow. Veteran to an environment? See if you can draw out the data flow from memory. Most important thing to know as an Analyst is how data flows in your environment. Ask senior analysts or department leadership for existing documents with diagrams displaying how data/traffic ingresses and egresses to/from … Read more