Michael Melone

icon indicating a website link https://www.linkedin.com/in/mjmelone

icon company Microsoft icon location Tampa icon location Defender ATP program manager with over 7 1/2 years on Microsoft Detection and Response Team (DART).

Results 4 comments of Michael Melone

Web Traffic data hunt

Good morning all, Here's how I would likely approach the issue. First, parse the URLs from urlhaus into their individual parts using the parse_url() function: ``` (externaldata(payload_url: string ) [@"https://urlhaus.abuse.ch/downloads/text_recent/"]...

Web Traffic data hunt

One slight modification - using case insensitive equals ``` let urlhausurls = toscalar((externaldata(payload_url: string ) [@"https://urlhaus.abuse.ch/downloads/text_recent/"] with (format="txt")) | extend ParsedUrl = parse_url(payload_url) | evaluate bag_unpack(ParsedUrl) | extend Port =...

Create DNS Server Report.csl

Actually, let me add your logic and turn it into a columnchart - good idea

Create DNS Server Report.csl

Ok, reviewed the logic and intent of this query and I'm not sure it makes sense to include IdentityQueryEvents in this case. This query is designed to find clients which...