Introducing rust-kql

In the depths of my hard drive, I recently stumbled upon an interesting project I had started working on a year ago, but which never really took off at the time. After working with various SIEM tools for several years, I had become a big fan of Microsoft Sentinel. The fact that it was cloud-based and from Microsoft was less appealing (yes, I am still an open-source and Linux fan), but working with KQL was a breath of fresh air compared to the regex hell and GUI systems of other SIEMs...

7 Feb 2024 · 7 min · 1480 words