Talk on Nicola Suterhttps://nicolasuter.ch/tags/talk/Recent content in Talk on Nicola SuterHugo -- gohugo.ioen-US© 2026 Nicola SuterMon, 01 Jul 2024 20:07:46 +0000Mai 2024 KQL Café Recaphttps://nicolasuter.ch/mai-2024-kql-cafe-recap/Mon, 01 Jul 2024 20:07:46 +0000https://nicolasuter.ch/mai-2024-kql-cafe-recap/<p>In May I had the pleasure to be invited to the <a href="https://kqlcafe.github.io/website/" target="_blank" rel="noreferrer">KQL Café</a> which is hosted by <a href="https://twitter.com/castello_johnny" target="_blank" rel="noreferrer">Gianni Castaldi</a> &amp; <a href="https://twitter.com/alexverboon" target="_blank" rel="noreferrer">Alex Verboon</a>. Within this format they empower people to work with KQL and share various tips and tricks. So this is not a usual blogpost but rather a summary and resource hub for the things I presented within the KQL Café.</p> <h1 class="relative group">Summary <div id="summary" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#summary" aria-label="Anchor">#</a> </span> </h1> <p>To make the content of my talk more accessible, you can find a summary of the individual topics, including the leveraged KQL queries and further resources as part of this post. The KQL queries were mostly consuming the Entra ID Sign-In and Audit Logs. You can forward them to your Microsoft Sentinel or Log Analytics workspace.</p> <h2 class="relative group">Recording <div id="recording" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#recording" aria-label="Anchor">#</a> </span> </h2> <p>You can find the full recording of the KQL Café on YoutTube.</p> <iframe width="560" height="315" src="https://www.youtube-nocookie.com/embed/lKB1sfZuDio?si=HgXMFWTI21ypES3g" title="YouTube video player" frameborder="0" allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share" referrerpolicy="strict-origin-when-cross-origin" allowfullscreen></iframe> <h2 class="relative group">What the heck is ITDR?! <div id="what-the-heck-isitdr" class="anchor"></div> <span class="absolute top-0 w-6 transition-opacity opacity-0 -start-6 not-prose group-hover:opacity-100 select-none"> <a class="text-primary-300 dark:text-neutral-700 !no-underline" href="#what-the-heck-isitdr" aria-label="Anchor">#</a> </span> </h2> <p>Identity Threat Detection and Response (ITDR) is currently one of my favourite topics. It’s basically a combination of the disciplines Identity and Access Management (IAM) and the cyber security disciplines detection and response. Similar to other cybersecurity topics there’s a rule of thumb: The more you invest on the preventive side to increase your identity security posture — the less effort you (hopefully) have on the detection and response side 🤞🤞. Within my talk for the KQL Café I addressed various of those ITDR topics that help you on the preventive side.</p>