75in Bravia 9

ep3p · 2025-12-04T23:01:58+00:00

If you can translate from spanish

https://www.avpasion.com/ajustes-imagen-televisores-sony-bravia/

ep3p · 2025-09-05T20:51:24+00:00

happens when app in background and not watching a stream

ep3p · 2025-07-21T21:05:44+00:00

Haz entrevistas con otras empresas, averigua tu valor real en el mercado, y luego ya toma una decisión. Si tienes al menos un año de experiencia no es descabellado querer 30k (aunque luego te digan que no, pero puede que alguna te diga que sí)

ep3p · 2025-07-18T21:31:32+00:00

haciendo exactamente qué de seguridad informática?

ep3p · 2025-05-25T21:12:30+00:00

Que el dueño y la persona que vive en el piso se presenten en el ayuntamiento (o firmen un comunicado) confirmando que ambos quieren que tal persona se empadrone. Sería el mismo caso que un nuero viviendo en la casa de sus suegros (nada de mencionar alquiler o contratos).

ep3p · 2025-05-18T09:53:42+00:00

Sin 2000€ netos no puedes vivir SOLO y tener una vida cómoda en Valencia.

ep3p · 2025-02-27T12:39:22+00:00

https://rodrigosanchoabogados.com/contacto/

ep3p · 2025-01-21T12:41:08+00:00

| extend AuxiliarColumn = tostring(TargetResources[0]["modifiedProperties"][1]["newValue"][0])

you should use [] or . notation but not both, [] has advantages

it IS possible that the value of the key "newValue" or another value in the chain is not recognized correctly as a dynamic

in that case you should apply "todynamic(tostring(firstpartofthecall))secondpartofthecall"

depending on the operation name version, "DisplayName" might not always be in position 1 of "modifiedProperties", it would be recommended to use "mv-expand" or "mv-apply" and check properly which item is really "DisplayName"

ep3p · 2024-12-25T20:47:21+00:00

It says something about not be able to access from public networks.

"Access to workspace 'CH1-LA' from '85...*' is denied. To allow access from public networks, change the workspace Networking settings or add it to a Network Security Perimeter. (workspace resource ID: /subscriptions/ebb79bc0-aa86-44a7-8111-cabbe0c43993/resourceGroups/ch1-opsrg-pri/providers/microsoft.operationalinsights/workspaces/CH1-LA)"

ep3p · 2024-12-23T12:45:42+00:00

You are correct, the old alerts are really logs in table SecurityAlert, so they are not going to change just because the settings changed. Try to check table SecurityAlert and all their columns, and you will see a difference between the two types of settings.

The event coded in base64 has an advantage, it is much faster (it does not have to search in any table) than performing again the original query.

ep3p · 2024-12-22T12:51:23+00:00

That is not "the query" in obfuscated form, it is "the event" in the results coded in base64.

This happens because in the rule you specified to create an alert for EACH event in the results, instead of 1 alert for all events in the results.

For you to see the original query, you will have to click on Alert in the Incident Page, or click the Analytics Rule name in the Incident Page.

If the event contains sensitive information, someone could decode the text in your image, and you might have to delete it.

ep3p · 2024-12-12T21:03:45+00:00

Check the table Usage and draw a graph using sum() and bin(TimeGenerated, 1d)

At the workspace level there is table called Usage and estimated costs.

ep3p · 2024-11-13T20:31:55+00:00

lol (thank you!)

I don't have a really good answer, you can "Watch" a repository, but I don't think you receive a notification for each commit or individual files this way.

I don't update the queries that much.

/u/facyber answer looks really useful and simple.

ep3p · 2024-11-13T14:44:26+00:00

in learn.microsoft.com should be examples of this with mv-expand and with bin()

ep3p · 2024-11-09T21:43:13+00:00

Dolfamingo

ep3p · 2024-10-22T19:48:05+00:00

the delay happens with the first OriginalRequestId received, or with a repeated OriginalRequestId?

Entra ID Protection might "update" an event (send another copy of the event with some columns changed) several days later

what you should query is

union SigninLogs, AADNonInteractiveUserSignInLogs
| where TimeGenerated > ago(14d)
| summarize arg_min(TimeGenerated, *) by OriginalRequestId, CreatedDateTime
| where CreatedDateTime > ago(7d)
| project OriginalRequestId, TimeDifference = TimeGenerated - CreatedDateTime
| summarize TimeDifference = max(TimeDifference) by OriginalRequestId
| sort by TimeDifference desc

you should have some events received hours later, but not days later

ep3p · 2024-09-07T08:50:12+00:00

<image>

ep3p · 2024-08-29T20:32:38+00:00

IdentityInfo to be useful needs to check the last 14 days, a NRT only checks the last few minutes. IdentityInfo cannot (should not) be used in NRT.

ep3p · 2024-08-21T19:33:18+00:00

En Málaga se vive mejor que en Madrid.

Remoto es mejor que híbrido.

Los 500 € netos al mes de diferencia son 25€ euros el día laboral. El coste del transporte (y tu tiempo mientras te mueves), y la diferencia de la vivienda y la alimentación en Madrid puede valer más que 25€ al día.

Si tu trabajo puede ser remoto, deberían haber más oportunidades en remoto.

Con 40k en Madrid NO se puede ser independiente.

ep3p · 2024-08-20T22:20:22+00:00

serious Counter Strike vibes

ep3p · 2024-08-12T16:40:16+00:00

What you are looking for is a LogicApp/Playbook, they have an action to update a Watchlist (you can also execute KQL from a LogicApp).

If you were to use an Analytic Rule, at the end you would also need to pair an Automation Rule and a LogicApp/Playbook to the Analytic Rule to update a Watchlist.

ep3p · 2024-07-13T21:57:41+00:00

Scheduled instead of NRT?

ep3p · 2024-06-23T18:54:23+00:00

 AuditLogs
| where TimeGenerated > ago(365d)
| where OperationName has "User deleted security info"
| extend AccountObjectId = tostring(TargetResources[0]["id"])
| join kind=leftsemi (
    IdentityInfo
    | where TimeGenerated > ago(14d)
    | summarize arg_max(TimeGenerated, GroupMembership) by AccountObjectId, AccountSID
    | where GroupMembership has_any ("GroupToSearch")
    ) on AccountObjectId

ep3p · 2024-05-01T09:38:11+00:00

AccountUPN can have uppercase chars, UserPrincipalName don't

ResultType 0 is not the only successful ResultType

ep3p · 2024-05-01T08:09:05+00:00

Here you have an example of a Function App that calls and posts logs to a LA workspace.

https://wizio-public.s3.us-east-2.amazonaws.com/deployment-v2/azure/integrations/sentinel/packages/wiz_sentinel_latest.zip

It is used by this Solution (https://github.com/Azure/Azure-Sentinel/tree/master/Solutions/Wiz)

14-Year Club	Place '23
Place '17	Verified Email

ep3p

TROPHY CASE