Why containers not VMs? Total noob here. I went from picking up a few WI. Fi smart bulbs to deciding Hey and at home. Automation would be better than the cloud apps. 2, Hey, I need to build myself a home lab computer to run. Home assistant, and now i'm here and I don't know how I got here and yeah
Thanks a lot for this. I'm a non-tech person retraining on a network+ prep course that's insanely fast-paced and not particularly well organized. Thankfully, the instructor included your video as part of the workbook and it actually made sense to me. I appreciate you man.
I am little confused with arg_max function still. From what I understood was arg_max will return maximum value for whatever column is in the bracket. For example let's say I have following simple query. This will return single row as result of latest value as we're passing TimeGenerated in brackets to arg_max SecurityEvent | where TimeGenerated > ago(1d) | summarize arg_max(TimeGenerated, *) But when I replace this with following query, it gives me multiple results. SecurityEvent | where TimeGenerated > ago(1d) | summarize arg_max(TimeGenerated, AccountType, Activity) by Account So this is kinda confusing me as it's not giving just maximum value but multiple results. Is it because of what you explained at around @ 16.21 in this video?? So far I am finding your tutorials helpful in understanding KQL better as this is something that has always challenged me within Azure..
Today my school had gotten hacked and it was because these kids were going on bad websites and the firewall got open and hackers were able to get into all our computers and find our information. But it’s was only in middle school so elementary kids were fine. They did change the password though which I don’t know if that did anything tbh
Yes a couple ways to achieve. One example is to embed the subquery in parenthesis when you join it. Just need a common reference common between both tables
This is pretty cool but that's not how groups in regex works. 0 is the whole match but without regex syntax, 1 is the first group, 2 is the second etc. if you do match "thing (one) (two)" then 0 returns " thing one two", 1 returns one, and 2 returns two.
Hello @Teachjing, All your tutorials are very helpful I know my question might be two years late but the "protectionstatus" table no longer seems to have no sample data work with . I am trying to work with your instructions but the "protectionstatus" table within the database "security and audit " has no sample data so what would you suggest we use as an alternative ?
Studying for my SC-200 as of current! This has come in so much help, I think I am primarily struggling with the tables and filters, and just understanding the processes, any tips to simplify this or how to learn this any quicker from a non-technical background.
Just imagine water. When you filter the water, the output of that water can be filtered again. This can be chained as many times as you want to get to the output you desire. Water -> remove sand -> remove bacteria -> add bleach -> boil it -> desired water state. In KQL the output of a result can be filtered again by adding another pipe “|”. You can pipe as many times as you want which doesn’t look very nice but still gets the job done 😀 Table | filter by certain time | filter by certain hostname | summarize by event count | desired output One key note to know is you can’t unfilter what you have filtered just like water, but you can move the sequence around. An example is you typically want to summarize at the end. If you do it in the beginning, you may not have the desired result you want.
Hi Sir. Thanks for you great work. I have learned a lot from your videos. However, there is one thing I can’t seem to figure out. I want to run a query where the data is found in 2 different tables (SecurityAlert & SigninLogs). The common column in both tables is “UsedId”. How can I use join or union operator to put these 2 tables together and get my data. The common column in the 2 tables is “UsedId” SecurityAlert | where AlertName == "Unfamiliar sign-in properties" | where AlertSeverity == "High" SigninLogs | where RiskState == "atRisk"
Regarding the difficulty level, I must say that it was just right for me. The material was presented in a way that was challenging enough to keep me engaged but also manageable to grasp. I'm glad to hear that it will get better as the series progresses, and I'm excited to continue learning. Once again, thank you for your dedication to teaching and your willingness to assist learners. I truly appreciate the support and look forward to continuing this journey with your valuable guidance. Once again, thank you for your dedication to teaching and your willingness to assist learners. I truly appreciate the support and look forward to continuing this journey with your valuable guidance.
