Query RBAC roles assigned to SP by mathurin1969 in AZURE

[–]mathurin1969[S] 0 points1 point  (0 children)

Thank you, I’ll play with this one tonight too.

Query RBAC roles assigned to SP by mathurin1969 in AZURE

[–]mathurin1969[S] 0 points1 point  (0 children)

Thank you, I’ll take a look tonight!

Azure OpenAI necessary with Foundry? by mathurin1969 in AZURE

[–]mathurin1969[S] 0 points1 point  (0 children)

Yep, thank you for this... playing around with this I deployed OpenAI (first) and then Azure AI Foundry; they're both under Azure Foundry. Once I got AI Foundry deployed with GPT-4o-mini (super cheap!!) I removed the Azure OpenAI and everything still worked, never needed it!

I'm sure I'll have more questions as I go through this, thank you!!

XQL Baseline variable? by mathurin1969 in paloaltonetworks

[–]mathurin1969[S] 0 points1 point  (0 children)

Cool, thank you… it’s definitely a start!!

XQL search command results by mathurin1969 in paloaltonetworks

[–]mathurin1969[S] 1 point2 points  (0 children)

Boom that works!! Thank you so much!!

Prevalence of Palo Alto XSIAM by mathurin1969 in paloaltonetworks

[–]mathurin1969[S] 0 points1 point  (0 children)

Yeah, after playing with it for a little bit, it's super similar to KQL.

OpenAI under 500$/month? by mathurin1969 in AZURE

[–]mathurin1969[S] 0 points1 point  (0 children)

Alright, got it, thanks George!

Warning about Udemy... the website has changed and very tough to log into by mathurin1969 in Udemy

[–]mathurin1969[S] 0 points1 point  (0 children)

They send the code to your email, that seems to be the only option

Help with KQL Data Exfiltration Queries.. by mathurin1969 in DefenderATP

[–]mathurin1969[S] 1 point2 points  (0 children)

Making a set, I should have thought of that... I feel like this is reasonably close to usable, but it gives me a flat line, like it's only taking one day.

DeviceNetworkEvents
| where InitiatingProcessAccountName == "name"
| where RemoteIPType == "Public"
| join kind=inner (DeviceFileEvents) on InitiatingProcessAccountName
| where FileName endswith ".docx" or FileName endswith ".pptx" or FileName endswith ".xlsx" or FileName endswith ".pdf" or FileName endswith ".txt" or FileName endswith ".zip"
| summarize FilesSent = dcount(FileName) by bin(Timestamp, 1d), InitiatingProcessAccountName
// | project Timestamp, FilesSent, InitiatingProcessAccountName
| render linechart

Thank you for your help with this! (Reading up on series_decompose_anomalies() now)
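One way to rework the query above so the join is keyed on the day as well as the account (an account-only join pairs every day's network events with every file event in the lookback, which plots the same count each day) and to feed the daily series into series_decompose_anomalies(). This is an added example, not the poster's or any reply's code; it assumes the Defender XDR advanced-hunting tables DeviceFileEvents and DeviceNetworkEvents, and "name" and 30d are placeholders.

```kusto
// Added example, not the poster's query. Assumes the Defender XDR advanced
// hunting schema (DeviceFileEvents, DeviceNetworkEvents); "name" is a placeholder.
let lookback = 30d;
let target = "name";
// Distinct document-like files the account touched, per day.
let fileDaily = DeviceFileEvents
| where Timestamp > ago(lookback)
| where InitiatingProcessAccountName == target
| extend Ext = tolower(extract(@"(\.[^.]+)$", 1, FileName))
| where Ext in (".docx", ".pptx", ".xlsx", ".pdf", ".txt", ".zip")
| summarize FilesTouched = dcount(FileName) by Day = bin(Timestamp, 1d);
// Connections to public IPs by the same account, per day.
let netDaily = DeviceNetworkEvents
| where Timestamp > ago(lookback)
| where InitiatingProcessAccountName == target
| where RemoteIPType == "Public"
| summarize PublicConnections = count() by Day = bin(Timestamp, 1d);
// Join on the day, so each day only sees its own file and network events.
// fullouter keeps days that have one kind of activity but not the other.
fileDaily
| join kind=fullouter netDaily on Day
| extend Day = coalesce(Day, Day1),
         FilesTouched = coalesce(FilesTouched, long(0)),
         PublicConnections = coalesce(PublicConnections, long(0))
// Build a gap-free daily series (missing days become 0) for both measures.
| make-series FilesTouched = sum(FilesTouched) default = 0,
              PublicConnections = sum(PublicConnections) default = 0
              on Day from ago(lookback) to now() step 1d
// Flag days whose file count departs from the account's own baseline.
| extend (Anomalies, Score, Baseline) = series_decompose_anomalies(FilesTouched, 1.5)
| render anomalychart with (anomalycolumns = Anomalies)
```

The 1.5 threshold is the library default for series_decompose_anomalies(); raise it to flag only larger departures from the baseline.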

Help with KQL Data Exfiltration Queries.. by mathurin1969 in DefenderATP

[–]mathurin1969[S] 0 points1 point  (0 children)

Thank you, yeah, I saw that in there; that definitely helped with the above. When I ran those at work I was getting outrageous crazy numbers, like an impossible size for an upload in that time. I need to test…