When you group your logs by timestamp (binning) to detect threats, you probably cause false negatives: a burst of activity that straddles a bin boundary is split across two bins and never reaches the threshold in either. Solve it using sliding window counts!

https://academy.bluraven.io/blog/advanced-kql-for-threat-hunting-window-functions-part-2

#KQL #ThreatHunting #DetectionEngineering
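An added illustration of the point above (not code from the linked post): constructed failed-logon timestamps for one account, six attempts in under four minutes that straddle a 5-minute boundary. The fixed bins (the equivalent of `summarize count() by bin(TimeGenerated, 5m)`) each see only three and stay under a threshold of 5; the sliding count over any 5-minute span reaches 6. Threshold, window width and the sample data are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: failed logons for one account. Six attempts within
# 3m30s, deliberately straddling the 12:05 boundary of a 5-minute bin.
EVENTS = [
    datetime(2024, 1, 1, 12, 3, 0),
    datetime(2024, 1, 1, 12, 3, 40),
    datetime(2024, 1, 1, 12, 4, 20),
    datetime(2024, 1, 1, 12, 5, 10),
    datetime(2024, 1, 1, 12, 5, 50),
    datetime(2024, 1, 1, 12, 6, 30),
]
WINDOW = timedelta(minutes=5)   # assumed detection window
THRESHOLD = 5                   # assumed alert threshold (events per window)


def binned_counts(events, width=WINDOW):
    """Fixed-width bins, like KQL bin(TimeGenerated, 5m): floor each timestamp."""
    counts = defaultdict(int)
    for t in events:
        bin_start = t - (t - datetime.min) % width
        counts[bin_start] += 1
    return dict(counts)


def sliding_counts(events, width=WINDOW):
    """For each event t, count events in the half-open span (t - width, t]."""
    window = deque()
    result = []
    for t in sorted(events):
        window.append(t)
        while t - window[0] >= width:   # evict events that fell out of the span
            window.popleft()
        result.append((t, len(window)))
    return result


def binning_alerts(events, threshold=THRESHOLD):
    """Bin starts whose count reaches the threshold (empty here: false negative)."""
    return [b for b, n in binned_counts(events).items() if n >= threshold]


def sliding_alerts(events, threshold=THRESHOLD):
    """Event times at which the trailing-window count reaches the threshold."""
    return [t for t, n in sliding_counts(events) if n >= threshold]


if __name__ == "__main__":
    print("binning:", binning_alerts(EVENTS))   # []  -> burst missed
    print("sliding:", sliding_alerts(EVENTS))   # fires at 12:05:50 and 12:06:30
```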
