PodParley PodParley
PodParley PodParley
Log in

The Inside Scoop on Using KQL for Cloud Data Security

Episode 28 of the Microsoft Threat Intelligence Podcast podcast, hosted by Microsoft, titled "The Inside Scoop on Using KQL for Cloud Data Security" was published on September 25, 2024 and runs 26 minutes.

September 25, 2024 ·26m · Microsoft Threat Intelligence Podcast

0:00 / 0:00

Summary

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL. Later in the episode Sherrod speaks with Senior Threat Hunter Lekshmi Vijayan about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys.    In this episode you’ll learn:       How KQL is applied in real-world security scenarios including incident response  Key features and benefits of KQL when it comes to security and cloud data  Distinguishing between legitimate and malicious uses of remote management tools      Some questions we ask:        How does KQL tie into the Microsoft ecosystem, like Defender and Copilot?  What advice would you give to someone new to KQL who wants to start learning?  What is the technique we're seeing with copy-pasting malicious PowerShell?     Resources:   View Mark Morowczynski on LinkedIn  View Matt Zorich on LinkedIn  View Rod Trent on LinkedIn  View Lekshmi Vijayan on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Episode Description

In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by the authors of the new book The Definitive Guide to KQL: Using Kusto Query Language for Operations, Defending, and Threat Hunting. Guests Rod Trent, Matt Zorich, and Mark Morowczynski discuss the significance of KQL (Kusto Query Language) in cloud data security and how it enables efficient data querying for threat detection in Microsoft products like Sentinel and Defender. They share insights from their own experiences, highlight key features of the book, and explain how both beginners and experts can benefit from KQL. Later in the episode Sherrod speaks with Senior Threat Hunter Lekshmi Vijayan about the growing trend of cyberattacks using malicious PowerShell commands. Lekshmi explains how attackers trick users into copying and pasting harmful code, often through compromised websites or phishing emails. They discuss how these attacks aim to install remote access tools like NetSupport RAT or information stealers, targeting sensitive data like browser credentials and crypto keys.    In this episode you’ll learn:       How KQL is applied in real-world security scenarios including incident response  Key features and benefits of KQL when it comes to security and cloud data  Distinguishing between legitimate and malicious uses of remote management tools      Some questions we ask:        How does KQL tie into the Microsoft ecosystem, like Defender and Copilot?  What advice would you give to someone new to KQL who wants to start learning?  What is the technique we're seeing with copy-pasting malicious PowerShell?     Resources:   View Mark Morowczynski on LinkedIn  View Matt Zorich on LinkedIn  View Rod Trent on LinkedIn  View Lekshmi Vijayan on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.

Share this episode

Similar Episodes

Build AI Agents by Voice, Not Workflows

Apr 8, 2026 ·27m

#64 KI auf der Nase - Sind Smart Glasses der nächste große Gamechanger(?) | mit Sabrina Göttlinger

Apr 7, 2026 ·38m

The AI Coding Reckoning: What Breaks First?

Apr 5, 2026 ·35m

Build AI Agents Overnight: Prompt-to-Prototype

Apr 1, 2026 ·29m

Copilot Chaos: A Simple Map of Microsoft's AI

Mar 30, 2026 ·28m

AI Adoption Isn’t IT: Exec Alignment Comes First

Mar 29, 2026 ·31m

Similar Podcasts

Microsoft Innovation Podcast Mark Smith [nz365guy] If you want to get your ideas or questions featured on an episode, please leave us a voicemail: https://www.microsoftinnovationpodcast.com/voicemail/Dive into the future of work with the "Microsoft Innovation Podcast," exploring the intersection of People, Business, Technology, and AI.  Engage with expert guests—including thought leaders from Microsoft, industry innovators, and community specialists—who are redefining the world with advancements in AI, Cloud technologies, the Power Platform, Dynamics 365, and beyond.Every episode delivers a blend of in-depth discussions, practical insights, and actionable strategies tailored for professionals driving enablement and innovation. Join us across our six shows:The Power Platform ShowThe MVP ShowThe Copilot ShowThe Ecosystems ShowThe AI AdvantageThe AI Unfilter The Microsoft Innovative Expert Spotlight Series Podcast Jeffrey Bradbury Welcome to the Microsoft Innovative Educator (MIE) Spotlight Series Podcast. If you are an educator looking to learn how to leverage the power of innovative teaching with technology in your classroom, this is the podcast for you. Each episode of the MIE Spotlight Series features a dynamic teacher, a Microsoft Innovative Educator, showcasing how they are transforming their classrooms through creative lessons and 21st century teaching styles. This podcast is hosted by educator Jeff Bradbury from the TeacherCast Educational Network and brought to you by Microsoft in Education. Tech Directions EY Microsoft Welcome to the EY Microsoft Tech Directions podcast series – your briefing on the biggest technology trends and how they will help organizations build a better working world. We investigate the benefits of technologies and discuss how they herald a new era of improved customer, employee and stakeholder experiences, while also increasing return on investment for shareholders. In each podcast we’ll reveal how EY and Microsoft can help companies digitally transform by applying their considerable experience and innovative technologies. Mas Cara Download Microsoft Windows 11
URL copied to clipboard!