Focus area
Sentinel/KQL
SOC-ready detections, hunting queries, and workbooks.
Move past ‘enable logs’—collect the right signals, normalise data, and arm responders with KQL building blocks tied to runbook steps.
Posts are brewing for this focus area. In the meantime, have a look at the Start Here journey.